Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's igb network driver. This issue arises from an unnecessary use of rtnl_lock, which was added to prevent a false data race related to virtual function configuration in SR-IOV (Single Root I/O Virtualization) management. The added lock, however, creates a deadlock scenario when the driver is removed, as it interferes with the normal synchronization process of cleaning up resources. This vulnerability affects several versions of the Linux kernel where the igb driver is used.
The vulnerability leads to a deadlock condition, causing the system to hang indefinitely while waiting for a resource to become available. This can disrupt normal operations and may require manual intervention to resolve.
The deadlock can be reproduced by removing a PCI device that uses the igb driver while SR-IOV is enabled. The process of disabling SR-IOV will attempt to release resources while holding a lock, causing a conflict that leads to a deadlock.
Users can apply the latest patches available in the Linux kernel to address this vulnerability. Instructions for updating the kernel can be found in the documentation for the specific Linux distribution in use.
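To prioritize patching, the following added example (not part of the original advisory or the kernel project) lists network interfaces that are bound to the igb driver and currently have SR-IOV virtual functions enabled, which is the configuration described above. It reads the standard sysfs attributes `device/driver` and `device/sriov_numvfs`; the function name and the optional sysfs-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report igb-bound interfaces with SR-IOV VFs enabled.
# igb_sriov_exposure [SYSFS_ROOT]
#   SYSFS_ROOT defaults to /sys; the override is a hypothetical convenience
#   so the check can be run against a copied or constructed tree.

igb_sriov_exposure() {
    root="${1:-/sys}"
    for dev in "$root"/class/net/*; do
        # Physical NICs expose device/driver as a symlink to the bound driver.
        [ -L "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink "$dev/device/driver")")
        [ "$drv" = "igb" ] || continue

        # sriov_numvfs exists only on SR-IOV capable physical functions.
        numvfs_file="$dev/device/sriov_numvfs"
        [ -r "$numvfs_file" ] || continue
        numvfs=$(cat "$numvfs_file")

        # Report only interfaces where VFs are currently enabled.
        if [ "$numvfs" -gt 0 ] 2>/dev/null; then
            echo "$(basename "$dev") driver=igb sriov_numvfs=$numvfs"
        fi
    done
}

# Run against the live system when executed directly.
igb_sriov_exposure "${SYSFS_ROOT:-/sys}"
```

An empty result means no igb interface on the host currently has virtual functions enabled; it says nothing about whether the running kernel carries the fix.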