CVE-2023-53060

In the Linux kernel, the following vulnerability has been resolved:

igb: revert rtnl_lock() that causes deadlock

The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds
rtnl_lock to eliminate a false data race shown below

 (FREE from device detaching)      |   (USE from netdev core)
igb_remove                         |  igb_ndo_get_vf_config
 igb_disable_sriov                 |  vf >= adapter->vfs_allocated_count?
  kfree(adapter->vf_data)          |
  adapter->vfs_allocated_count = 0 |
                                   |    memcpy(... adapter->vf_data[vf]

The above race will never happen and the extra rtnl_lock causes deadlock
below

[  141.420169]  <TASK>
[  141.420672]  __schedule+0x2dd/0x840
[  141.421427]  schedule+0x50/0xc0
[  141.422041]  schedule_preempt_disabled+0x11/0x20
[  141.422678]  __mutex_lock.isra.13+0x431/0x6b0
[  141.423324]  unregister_netdev+0xe/0x20
[  141.423578]  igbvf_remove+0x45/0xe0 [igbvf]
[  141.423791]  pci_device_remove+0x36/0xb0
[  141.423990]  device_release_driver_internal+0xc1/0x160
[  141.424270]  pci_stop_bus_device+0x6d/0x90
[  141.424507]  pci_stop_and_remove_bus_device+0xe/0x20
[  141.424789]  pci_iov_remove_virtfn+0xba/0x120
[  141.425452]  sriov_disable+0x2f/0xf0
[  141.425679]  igb_disable_sriov+0x4e/0x100 [igb]
[  141.426353]  igb_remove+0xa0/0x130 [igb]
[  141.426599]  pci_device_remove+0x36/0xb0
[  141.426796]  device_release_driver_internal+0xc1/0x160
[  141.427060]  driver_detach+0x44/0x90
[  141.427253]  bus_remove_driver+0x55/0xe0
[  141.427477]  pci_unregister_driver+0x2a/0xa0
[  141.428296]  __x64_sys_delete_module+0x141/0x2b0
[  141.429126]  ? mntput_no_expire+0x4a/0x240
[  141.429363]  ? syscall_trace_enter.isra.19+0x126/0x1a0
[  141.429653]  do_syscall_64+0x5b/0x80
[  141.429847]  ? exit_to_user_mode_prepare+0x14d/0x1c0
[  141.430109]  ? syscall_exit_to_user_mode+0x12/0x30
[  141.430849]  ? do_syscall_64+0x67/0x80
[  141.431083]  ? syscall_exit_to_user_mode_prepare+0x183/0x1b0
[  141.431770]  ? syscall_exit_to_user_mode+0x12/0x30
[  141.432482]  ? do_syscall_64+0x67/0x80
[  141.432714]  ? exc_page_fault+0x64/0x140
[  141.432911]  entry_SYSCALL_64_after_hwframe+0x72/0xdc

Since the igb_disable_sriov() will call pci_disable_sriov() before
releasing any resources, the netdev core will synchronize the cleanup to
avoid any races. This patch removes the useless rtnl_(un)lock to guarantee
correctness.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
linuxlinux_kernel
4.14.291 ≤
𝑥
< 4.14.312
linuxlinux_kernel
4.19.256 ≤
𝑥
< 4.19.280
linuxlinux_kernel
5.4.211 ≤
𝑥
< 5.4.240
linuxlinux_kernel
5.10.138 ≤
𝑥
< 5.10.177
linuxlinux_kernel
5.15.63 ≤
𝑥
< 5.15.105
linuxlinux_kernel
5.19.4 ≤
𝑥
< 6.0
linuxlinux_kernel
6.0.1 ≤
𝑥
< 6.1.22
linuxlinux_kernel
6.2 ≤
𝑥
< 6.2.9
linuxlinux_kernel
6.0
linuxlinux_kernel
6.0:rc2
linuxlinux_kernel
6.0:rc3
linuxlinux_kernel
6.0:rc4
linuxlinux_kernel
6.0:rc5
linuxlinux_kernel
6.0:rc6
linuxlinux_kernel
6.0:rc7
linuxlinux_kernel
6.3:rc1
linuxlinux_kernel
6.3:rc2
linuxlinux_kernel
6.3:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.135-1
fixed
trixie
6.12.22-1
fixed
sid
6.12.25-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0dabb72b923e17cb3b4ac99ea1adc9ef35116930
https://git.kernel.org/stable/c/4d2626e10709ff8474ffd1a9db3cf4647569e89c
https://git.kernel.org/stable/c/62a64645749926f9d75af82a96440941f22b046f
https://git.kernel.org/stable/c/65f69851e44d71248b952a687e44759a7abb5016
https://git.kernel.org/stable/c/66e5577cabc3d463eea540332727929d0ace41c6
https://git.kernel.org/stable/c/7d845e9a485f287181ff81567c3900a8e7ad1e28
https://git.kernel.org/stable/c/cd1e320ac0958298c2774605ad050483f33a21f2
https://git.kernel.org/stable/c/de91528d8ba274c614a2265077d695c61e31fd43