Linux Kernel Thunderbolt Hub Disconnection Hung Task Timeout Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Intel IGB Ethernet driver can cause a hung task timeout when a Thunderbolt hub is disconnected from a PC. This issue arises because the 'igb_down' function is called multiple times during the disconnection process, leading to a blockage at 'napi_synchronize'. The problem is exacerbated by the fact that a non-fatal PCIe error is reported, which disrupts the Ethernet connection by not invoking the necessary reset callback. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to a denial-of-service condition by causing a hung task timeout, disrupting normal system operations and potentially causing network connectivity issues.

Reproduction

To reproduce this vulnerability, connect a Thunderbolt hub to a PC, ensuring that it is set up to transmit Ethernet data and display output via USB Type-C. While the hub is active, remove the cable connecting the PC to the hub. This action will trigger multiple calls to the 'igb_down' function, causing the task to hang and time out. The 'igb_io_error_detected' function will initiate the first call by detaching the network interface and requesting a PCIe slot reset. The second call, triggered by 'igb_remove', will block at 'napi_synchronize', creating a hung task situation.
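
To check whether a host has hit this condition, hung-task reports in the kernel log can be filtered for the call path described above. This is an added example, not part of the original advisory: the log excerpt is constructed, dmesg-style timestamps are assumed, and the name find_igb_hangs is hypothetical.

```python
import re

# Constructed dmesg-style excerpt (not captured from a real system).
SAMPLE_LOG = """\
[  100.000001] usb 3-1: USB disconnect, device number 4
[  363.000010] INFO: task kworker/u16:3:11 blocked for more than 120 seconds.
[  363.000020] Call Trace:
[  363.000030]  __schedule+0x3b0/0xddb
[  363.000040]  ? __mod_timer+0x164/0x5d3
[  363.000050]  msleep+0x31/0x38
[  363.000060]  igb_down+0x12c/0x22a [igb]
[  363.000070]  igb_remove+0xa7/0x11c [igb]
[  363.000080]  pci_device_remove+0x3f/0x9c
[  400.000010] INFO: task jbd2/sda1-8:212 blocked for more than 120 seconds.
[  400.000020] Call Trace:
[  400.000030]  __schedule+0x3b0/0xddb
[  400.000040]  io_schedule+0x16/0x40
"""

TS = r"^(?:\[\s*\d+\.\d+\]\s)?"  # optional dmesg timestamp
HUNG = re.compile(TS + r"INFO: task (?P<comm>.+):(?P<pid>\d+) "
                       r"blocked for more than (?P<secs>\d+) seconds")
FRAME = re.compile(TS + r"\s+(?P<guess>\? )?(?P<sym>[A-Za-z_][\w.]*)"
                        r"\+0x[0-9a-f]+/0x[0-9a-f]+")


def find_igb_hangs(log):
    """Return hung-task reports stuck in igb_down called from igb_remove."""
    reports, cur = [], None
    for line in log.splitlines():
        m = HUNG.match(line)
        if m:
            cur = {"comm": m["comm"], "pid": int(m["pid"]),
                   "secs": int(m["secs"]), "frames": []}
            reports.append(cur)
            continue
        f = FRAME.match(line)
        # Frames marked "? " are stack-scan guesses; ignore them.
        if cur is not None and f and not f["guess"]:
            cur["frames"].append(f["sym"])
    # Frames are listed innermost first, so igb_down must precede igb_remove.
    # napi_synchronize is an inline helper and normally has no frame of its
    # own, so it is not required here.
    return [r for r in reports
            if "igb_down" in r["frames"] and "igb_remove" in r["frames"]
            and r["frames"].index("igb_down") < r["frames"].index("igb_remove")]


if __name__ == "__main__":
    for hit in find_igb_hangs(SAMPLE_LOG):
        print(f"pid {hit['pid']} ({hit['comm']}) hung {hit['secs']}s in igb teardown")
```

Feed it the output of `dmesg` on a host where the kernel's hung-task detector is enabled; an empty result means no report matched the igb_remove to igb_down path.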

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Sep 15, 2025, 3:35 PM
Updated: Sep 15, 2025, 3:35 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.