ghsa-vv5g-r8mg-xvc2
Vulnerability from github
Published
2025-10-21 12:31
Modified
2025-10-21 12:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

igc: avoid kernel warning when changing RX ring parameters

Calling ethtool changing the RX ring parameters like this:

$ ethtool -G eth0 rx 1024

on igc triggers kernel warnings like this:

[ 225.198467] ------------[ cut here ]------------ [ 225.198473] Missing unregister, handled but fix driver [ 225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168 xdp_rxq_info_reg+0x79/0xd0 [...] [ 225.198601] Call Trace: [ 225.198604] [ 225.198609] igc_setup_rx_resources+0x3f/0xe0 [igc] [ 225.198617] igc_ethtool_set_ringparam+0x30e/0x450 [igc] [ 225.198626] ethnl_set_rings+0x18a/0x250 [ 225.198631] genl_family_rcv_msg_doit+0xca/0x110 [ 225.198637] genl_rcv_msg+0xce/0x1c0 [ 225.198640] ? rings_prepare_data+0x60/0x60 [ 225.198644] ? genl_get_cmd+0xd0/0xd0 [ 225.198647] netlink_rcv_skb+0x4e/0xf0 [ 225.198652] genl_rcv+0x24/0x40 [ 225.198655] netlink_unicast+0x20e/0x330 [ 225.198659] netlink_sendmsg+0x23f/0x480 [ 225.198663] sock_sendmsg+0x5b/0x60 [ 225.198667] __sys_sendto+0xf0/0x160 [ 225.198671] ? handle_mm_fault+0xb2/0x280 [ 225.198676] ? do_user_addr_fault+0x1eb/0x690 [ 225.198680] __x64_sys_sendto+0x20/0x30 [ 225.198683] do_syscall_64+0x38/0x90 [ 225.198687] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 225.198693] RIP: 0033:0x7f7ae38ac3aa

igc_ethtool_set_ringparam() copies the igc_ring structure but neglects to reset the xdp_rxq_info member before calling igc_setup_rx_resources(). This in turn calls xdp_rxq_info_reg() with an already registered xdp_rxq_info.

Make sure to unregister the xdp_rxq_info structure first in igc_setup_rx_resources.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49227"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:59Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid kernel warning when changing RX ring parameters\n\nCalling ethtool changing the RX ring parameters like this:\n\n  $ ethtool -G eth0 rx 1024\n\non igc triggers kernel warnings like this:\n\n[  225.198467] ------------[ cut here ]------------\n[  225.198473] Missing unregister, handled but fix driver\n[  225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168\nxdp_rxq_info_reg+0x79/0xd0\n[...]\n[  225.198601] Call Trace:\n[  225.198604]  \u003cTASK\u003e\n[  225.198609]  igc_setup_rx_resources+0x3f/0xe0 [igc]\n[  225.198617]  igc_ethtool_set_ringparam+0x30e/0x450 [igc]\n[  225.198626]  ethnl_set_rings+0x18a/0x250\n[  225.198631]  genl_family_rcv_msg_doit+0xca/0x110\n[  225.198637]  genl_rcv_msg+0xce/0x1c0\n[  225.198640]  ? rings_prepare_data+0x60/0x60\n[  225.198644]  ? genl_get_cmd+0xd0/0xd0\n[  225.198647]  netlink_rcv_skb+0x4e/0xf0\n[  225.198652]  genl_rcv+0x24/0x40\n[  225.198655]  netlink_unicast+0x20e/0x330\n[  225.198659]  netlink_sendmsg+0x23f/0x480\n[  225.198663]  sock_sendmsg+0x5b/0x60\n[  225.198667]  __sys_sendto+0xf0/0x160\n[  225.198671]  ? handle_mm_fault+0xb2/0x280\n[  225.198676]  ? do_user_addr_fault+0x1eb/0x690\n[  225.198680]  __x64_sys_sendto+0x20/0x30\n[  225.198683]  do_syscall_64+0x38/0x90\n[  225.198687]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[  225.198693] RIP: 0033:0x7f7ae38ac3aa\n\nigc_ethtool_set_ringparam() copies the igc_ring structure but neglects to\nreset the xdp_rxq_info member before calling igc_setup_rx_resources().\nThis in turn calls xdp_rxq_info_reg() with an already registered xdp_rxq_info.\n\nMake sure to unregister the xdp_rxq_info structure first in\nigc_setup_rx_resources.",
  "id": "GHSA-vv5g-r8mg-xvc2",
  "modified": "2025-10-21T12:31:23Z",
  "published": "2025-10-21T12:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49227"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ddb49af08094ebee250b461172ee7b8e27a35d3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/453307b569a0d41bddd07f26bf41b784cd82a4c9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/65aebcf1e05bd97d2e7ffcdff36efea1757c9450"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab8c107470d12e7ef99030bf0911a10cdef62d16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.