[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/intel/igc/igc_main.c","drivers/net/ethernet/intel/igc/igc_regs.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"146740f9abc4976e4f0af1aa302efee1c699d2e4","lessThan":"16cb6717f4f42487ef10583eb8bc98e7d1e33d65","versionType":"git","status":"affected"},{"version":"146740f9abc4976e4f0af1aa302efee1c699d2e4","lessThan":"77836dbe35382aaf8108489060c5c89530c77494","versionType":"git","status":"affected"},{"version":"146740f9abc4976e4f0af1aa302efee1c699d2e4","lessThan":"e75b73081f1ec169518773626c2ff3950476660b","versionType":"git","status":"affected"},{"version":"146740f9abc4976e4f0af1aa302efee1c699d2e4","lessThan":"70965b6e5c03aa70cc754af1226b9f9cde0c4bf3","versionType":"git","status":"affected"},{"version":"146740f9abc4976e4f0af1aa302efee1c699d2e4","lessThan":"7c1ddcee5311f3315096217881d2dbe47cc683f9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/intel/igc/igc_main.c","drivers/net/ethernet/intel/igc/igc_regs.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","versionType":"semver","status":"unaffected"},{"version":"5.4.208","lessThanOrEqual":"5.4.*","versionType":"semver","status":"unaffected"},{"version":"5.10.134","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.58","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"5.18.15","lessThanOrEqual":"5.18.*","versionType":"semver","status":"unaffected"},{"version":"5.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476

OR
          *cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.208
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.134
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.58
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.18.15
          *cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:*

kernel.org: https://git.kernel.org/stable/c/16cb6717f4f42487ef10583eb8bc98e7d1e33d65 Types: Patch

kernel.org: https://git.kernel.org/stable/c/70965b6e5c03aa70cc754af1226b9f9cde0c4bf3 Types: Patch

kernel.org: https://git.kernel.org/stable/c/77836dbe35382aaf8108489060c5c89530c77494 Types: Patch

kernel.org: https://git.kernel.org/stable/c/7c1ddcee5311f3315096217881d2dbe47cc683f9 Types: Patch

kernel.org: https://git.kernel.org/stable/c/e75b73081f1ec169518773626c2ff3950476660b Types: Patch

In the Linux kernel, the following vulnerability has been resolved:

igc: Reinstate IGC_REMOVED logic and implement it properly

The initially merged version of the igc driver code (via commit
146740f9abc4, "igc: Add support for PF") contained the following
IGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors:

	u32 igc_rd32(struct igc_hw *hw, u32 reg)
	{
		u8 __iomem *hw_addr = READ_ONCE(hw->hw_addr);
		u32 value = 0;

		if (IGC_REMOVED(hw_addr))
			return ~value;

		value = readl(&hw_addr[reg]);

		/* reads should not return all F's */
		if (!(~value) && (!reg || !(~readl(hw_addr))))
			hw->hw_addr = NULL;

		return value;
	}

And:

	#define wr32(reg, val) \
	do { \
		u8 __iomem *hw_addr = READ_ONCE((hw)->hw_addr); \
		if (!IGC_REMOVED(hw_addr)) \
			writel((val), &hw_addr[(reg)]); \
	} while (0)

E.g. igb has similar checks in its MMIO accessors, and has a similar
macro E1000_REMOVED, which is implemented as follows:

	#define E1000_REMOVED(h) unlikely(!(h))

These checks serve to detect and take note of an 0xffffffff MMIO read
return from the device, which can be caused by a PCIe link flap or some
other kind of PCI bus error, and to avoid performing MMIO reads and
writes from that point onwards.

However, the IGC_REMOVED macro was not originally implemented:

	#ifndef IGC_REMOVED
	#define IGC_REMOVED(a) (0)
	#endif /* IGC_REMOVED */

This led to the IGC_REMOVED logic to be removed entirely in a
subsequent commit (commit 3c215fb18e70, "igc: remove IGC_REMOVED
function"), with the rationale that such checks matter only for
virtualization and that igc does not support virtualization -- but a
PCIe device can become detached even without virtualization being in
use, and without proper checks, a PCIe bus error affecting an igc
adapter will lead to various NULL pointer dereferences, as the first
access after the error will set hw->hw_addr to NULL, and subsequent
accesses will blindly dereference this now-NULL pointer.

This patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and
implements IGC_REMOVED th

https://git.kernel.org/stable/c/16cb6717f4f42487ef10583eb8bc98e7d1e33d65

https://git.kernel.org/stable/c/70965b6e5c03aa70cc754af1226b9f9cde0c4bf3

https://git.kernel.org/stable/c/77836dbe35382aaf8108489060c5c89530c77494

https://git.kernel.org/stable/c/7c1ddcee5311f3315096217881d2dbe47cc683f9

https://git.kernel.org/stable/c/e75b73081f1ec169518773626c2ff3950476660b