CVE-2024-50040
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
igb: Do not bring the device up after non-fatal error
Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when processing transient non-fatal errors. igb_io_resume(), which is called after igb_io_error_detected(), assumes that device is brought down by igb_io_error_detected() if the interface is up. This resulted in panic with stacktrace below.
[ T3256] igb 0000:09:00.0 haeth0: igb: haeth0 NIC Link is Down [ T292] pcieport 0000:00:1c.5: AER: Uncorrected (Non-Fatal) error received: 0000:09:00.0 [ T292] igb 0000:09:00.0: PCIe Bus Error: severity=Uncorrected (Non-Fatal), type=Transaction Layer, (Requester ID) [ T292] igb 0000:09:00.0: device [8086:1537] error status/mask=00004000/00000000 [ T292] igb 0000:09:00.0: [14] CmpltTO [ 200.105524,009][ T292] igb 0000:09:00.0: AER: TLP Header: 00000000 00000000 00000000 00000000 [ T292] pcieport 0000:00:1c.5: AER: broadcast error_detected message [ T292] igb 0000:09:00.0: Non-correctable non-fatal error reported. [ T292] pcieport 0000:00:1c.5: AER: broadcast mmio_enabled message [ T292] pcieport 0000:00:1c.5: AER: broadcast resume message [ T292] ————[ cut here ]———— [ T292] kernel BUG at net/core/dev.c:6539! [ T292] invalid opcode: 0000 [#1] PREEMPT SMP [ T292] RIP: 0010:napi_enable+0x37/0x40 [ T292] Call Trace: [ T292] <TASK> [ T292] ? die+0x33/0x90 [ T292] ? do_trap+0xdc/0x110 [ T292] ? napi_enable+0x37/0x40 [ T292] ? do_error_trap+0x70/0xb0 [ T292] ? napi_enable+0x37/0x40 [ T292] ? napi_enable+0x37/0x40 [ T292] ? exc_invalid_op+0x4e/0x70 [ T292] ? napi_enable+0x37/0x40 [ T292] ? asm_exc_invalid_op+0x16/0x20 [ T292] ? napi_enable+0x37/0x40 [ T292] igb_up+0x41/0x150 [ T292] igb_io_resume+0x25/0x70 [ T292] report_resume+0x54/0x70 [ T292] ? report_frozen_detected+0x20/0x20 [ T292] pci_walk_bus+0x6c/0x90 [ T292] ? aer_print_port_info+0xa0/0xa0 [ T292] pcie_do_recovery+0x22f/0x380 [ T292] aer_process_err_devices+0x110/0x160 [ T292] aer_isr+0x1c1/0x1e0 [ T292] ? disable_irq_nosync+0x10/0x10 [ T292] irq_thread_fn+0x1a/0x60 [ T292] irq_thread+0xe3/0x1a0 [ T292] ? irq_set_affinity_notifier+0x120/0x120 [ T292] ? irq_affinity_notify+0x100/0x100 [ T292] kthread+0xe2/0x110 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork+0x2d/0x50 [ T292] ? kthread_complete_and_exit+0x20/0x20 [ T292] ret_from_fork_asm+0x11/0x20 [ T292] </TASK>
To fix this issue igb_io_resume() checks if the interface is running and the device is not down this means igb_io_error_detected() did not bring the device down and there is no need to bring it up.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 124e39a734cb90658b8f0dc110847bbfc6e33792 < dca2ca65a8695d9593e2cf1b40848e073ad75413 | affected |
| Linux | Linux | c9f56f3c7bc908caa772112d3ae71cdd5d18c257 < c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7 | affected |
| Linux | Linux | 994c2ceb70ea99264ccc6f09e6703ca267dad63c < d79af3af2f49c6aae9add3d492c04d60c1b85ce4 | affected |
| Linux | Linux | fa92c463eba75dcedbd8d689ffdcb83293aaa0c3 < 0a94079e3841d00ea5abb05e3233d019a86745f6 | affected |
| Linux | Linux | 39695e87d86f0e7d897fba1d2559f825aa20caeb < 6a39c8f5c8aae74c5ab2ba466791f59ffaab0178 | affected |
| Linux | Linux | 004d25060c78fc31f66da0fa439c544dda1ac9d5 < 57c5053eaa5f9a8a99e34732e37a86615318e464 | affected |
| Linux | Linux | 004d25060c78fc31f66da0fa439c544dda1ac9d5 < 500be93c5d53b7e2c5314292012185f0207bad0c | affected |
| Linux | Linux | 004d25060c78fc31f66da0fa439c544dda1ac9d5 < 330a699ecbfc9c26ec92c6310686da1230b4e7eb | affected |
| Linux | Linux | c2312e1d12b1c3ee4100c173131b102e2aed4d04 | affected |
| Linux | Linux | 41f63b72a01c0e0ac59ab83fd2d921fcce0f602d | affected |
| Linux | Linux | 4.19.291 < 4.19.323 | affected |
| Linux | Linux | 5.4.251 < 5.4.285 | affected |
| Linux | Linux | 5.10.188 < 5.10.227 | affected |
| Linux | Linux | 5.15.150 < 5.15.168 | affected |
| Linux | Linux | 6.1.42 < 6.1.113 | affected |
| Linux | Linux | 4.14.322 < 4.15 | affected |
| Linux | Linux | 6.4.7 < 6.5 | affected |
| Linux | Linux | 6.5 | affected |
| Linux | Linux | 0 < 6.5 | unaffected |
| Linux | Linux | 4.19.323 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.285 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.227 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.168 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.57 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.4 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-398330.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-355557.html
References
- https://git.kernel.org/stable/c/dca2ca65a8695d9593e2cf1b40848e073ad75413
- https://git.kernel.org/stable/c/c92cbd283ddcf55fd85a9a9b0ba13298213f3dd7
- https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4
- https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6
- https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178
- https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464
- https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c
- https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.