ghsa-mxw3-r93h-fcv9
Vulnerability from github
Published
2025-09-15 15:31
Modified
2025-09-15 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

igb: Fix igb_down hung on surprise removal

In a setup where a Thunderbolt hub connects to Ethernet and a display through USB Type-C, users may experience a hung task timeout when they remove the cable between the PC and the Thunderbolt hub. This is because the igb_down function is called multiple times when the Thunderbolt hub is unplugged. For example, the igb_io_error_detected triggers the first call, and the igb_remove triggers the second call. The second call to igb_down will block at napi_synchronize. Here's the call trace: __schedule+0x3b0/0xddb ? __mod_timer+0x164/0x5d3 schedule+0x44/0xa8 schedule_timeout+0xb2/0x2a4 ? run_local_timers+0x4e/0x4e msleep+0x31/0x38 igb_down+0x12c/0x22a [igb 6615058754948bfde0bf01429257eb59f13030d4] __igb_close+0x6f/0x9c [igb 6615058754948bfde0bf01429257eb59f13030d4] igb_close+0x23/0x2b [igb 6615058754948bfde0bf01429257eb59f13030d4] __dev_close_many+0x95/0xec dev_close_many+0x6e/0x103 unregister_netdevice_many+0x105/0x5b1 unregister_netdevice_queue+0xc2/0x10d unregister_netdev+0x1c/0x23 igb_remove+0xa7/0x11c [igb 6615058754948bfde0bf01429257eb59f13030d4] pci_device_remove+0x3f/0x9c device_release_driver_internal+0xfe/0x1b4 pci_stop_bus_device+0x5b/0x7f pci_stop_bus_device+0x30/0x7f pci_stop_bus_device+0x30/0x7f pci_stop_and_remove_bus_device+0x12/0x19 pciehp_unconfigure_device+0x76/0xe9 pciehp_disable_slot+0x6e/0x131 pciehp_handle_presence_or_link_change+0x7a/0x3f7 pciehp_ist+0xbe/0x194 irq_thread_fn+0x22/0x4d ? irq_thread+0x1fd/0x1fd irq_thread+0x17b/0x1fd ? irq_forced_thread_fn+0x5f/0x5f kthread+0x142/0x153 ? __irq_get_irqchip_state+0x46/0x46 ? kthread_associate_blkcg+0x71/0x71 ret_from_fork+0x1f/0x30

In this case, igb_io_error_detected detaches the network interface and requests a PCIE slot reset, however, the PCIE reset callback is not being invoked and thus the Ethernet connection breaks down. As the PCIE error in this case is a non-fatal one, requesting a slot reset can be avoided. This patch fixes the task hung issue and preserves Ethernet connection by ignoring non-fatal PCIE errors.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53148"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T14:15:37Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix igb_down hung on surprise removal\n\nIn a setup where a Thunderbolt hub connects to Ethernet and a display\nthrough USB Type-C, users may experience a hung task timeout when they\nremove the cable between the PC and the Thunderbolt hub.\nThis is because the igb_down function is called multiple times when\nthe Thunderbolt hub is unplugged. For example, the igb_io_error_detected\ntriggers the first call, and the igb_remove triggers the second call.\nThe second call to igb_down will block at napi_synchronize.\nHere\u0027s the call trace:\n    __schedule+0x3b0/0xddb\n    ? __mod_timer+0x164/0x5d3\n    schedule+0x44/0xa8\n    schedule_timeout+0xb2/0x2a4\n    ? run_local_timers+0x4e/0x4e\n    msleep+0x31/0x38\n    igb_down+0x12c/0x22a [igb 6615058754948bfde0bf01429257eb59f13030d4]\n    __igb_close+0x6f/0x9c [igb 6615058754948bfde0bf01429257eb59f13030d4]\n    igb_close+0x23/0x2b [igb 6615058754948bfde0bf01429257eb59f13030d4]\n    __dev_close_many+0x95/0xec\n    dev_close_many+0x6e/0x103\n    unregister_netdevice_many+0x105/0x5b1\n    unregister_netdevice_queue+0xc2/0x10d\n    unregister_netdev+0x1c/0x23\n    igb_remove+0xa7/0x11c [igb 6615058754948bfde0bf01429257eb59f13030d4]\n    pci_device_remove+0x3f/0x9c\n    device_release_driver_internal+0xfe/0x1b4\n    pci_stop_bus_device+0x5b/0x7f\n    pci_stop_bus_device+0x30/0x7f\n    pci_stop_bus_device+0x30/0x7f\n    pci_stop_and_remove_bus_device+0x12/0x19\n    pciehp_unconfigure_device+0x76/0xe9\n    pciehp_disable_slot+0x6e/0x131\n    pciehp_handle_presence_or_link_change+0x7a/0x3f7\n    pciehp_ist+0xbe/0x194\n    irq_thread_fn+0x22/0x4d\n    ? irq_thread+0x1fd/0x1fd\n    irq_thread+0x17b/0x1fd\n    ? irq_forced_thread_fn+0x5f/0x5f\n    kthread+0x142/0x153\n    ? __irq_get_irqchip_state+0x46/0x46\n    ? kthread_associate_blkcg+0x71/0x71\n    ret_from_fork+0x1f/0x30\n\nIn this case, igb_io_error_detected detaches the network interface\nand requests a PCIE slot reset, however, the PCIE reset callback is\nnot being invoked and thus the Ethernet connection breaks down.\nAs the PCIE error in this case is a non-fatal one, requesting a\nslot reset can be avoided.\nThis patch fixes the task hung issue and preserves Ethernet\nconnection by ignoring non-fatal PCIE errors.",
  "id": "GHSA-mxw3-r93h-fcv9",
  "modified": "2025-09-15T15:31:23Z",
  "published": "2025-09-15T15:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53148"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/004d25060c78fc31f66da0fa439c544dda1ac9d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/124e39a734cb90658b8f0dc110847bbfc6e33792"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39695e87d86f0e7d897fba1d2559f825aa20caeb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/41f63b72a01c0e0ac59ab83fd2d921fcce0f602d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/994c2ceb70ea99264ccc6f09e6703ca267dad63c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c2312e1d12b1c3ee4100c173131b102e2aed4d04"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9f56f3c7bc908caa772112d3ae71cdd5d18c257"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa92c463eba75dcedbd8d689ffdcb83293aaa0c3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.