Linux Kernel PCI Link Speed Calculation Vulnerability on Retrain Failure

A vulnerability in the Linux kernel's PCI Express (PCIe) handling has been addressed. The issue arose when the link retraining process failed; the system attempted to revert to the previous link speed. However, the calculation was flawed as it did not properly mask non-speed bits in the Link Control 2 register. This oversight led to incorrect speed values being interpreted as 'unknown', causing warning messages about broken devices and failed retraining attempts. The vulnerability affected several versions of the Linux kernel.

Impact

The vulnerability could cause the system to mismanage PCIe link speeds, leading to warnings about broken devices and non-functional links, which could disrupt normal operations.

Reproduction

The vulnerability can be reproduced by simulating a failure in the PCIe link retraining process. This can be done by configuring a PCIe device in a way that causes the retraining to fail, such as using a device that does not properly support the required link speeds. Once the retraining fails, the system will attempt to revert to the previous link speed, but due to the improper calculation, it will incorrectly report the speed as 'unknown'. This triggers a warning about the device being broken and the retraining failing, demonstrating the vulnerability.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.