Linux Kernel igc Driver LED Setup Error Causes Kernel Panic

A vulnerability in the Linux kernel's igc network driver has been addressed, where a failure in the LED setup process led to a kernel panic. This occurred because the igc_probe() function did not properly handle the error, causing free_netdev() to trigger a panic since unregister_netdev() was not called. The issue can be reproduced using the kernel's fault-injection framework, particularly the failslab feature. The LED setup failure is now treated as non-fatal, allowing the probe to continue and avoiding the kernel panic.

Impact

The vulnerability caused a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by injecting a failure into the LED setup process of the igc driver. This can be done by using the failslab feature of the kernel's fault-injection framework, which allows for the simulation of errors during the driver's probe process. Once the LED setup fails, the igc_probe() function will not complete successfully, leading to a kernel panic when free_netdev() is called, as the necessary cleanup was not performed.

Remediation

Users can update to the latest version of the Linux kernel where this issue has been fixed. The specific commit addressing this vulnerability is available in the Linux kernel stable tree.