CVE-2022-49605— igc: Reinstate IGC_REMOVED logic and implement it properly
Affected Version Matrix 12
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 146740f9abc4976e4f0af1aa302efee1c699d2e4< 16cb6717f4f42487ef10583eb8bc98e7d1e33d65 | affected |
146740f9abc4976e4f0af1aa302efee1c699d2e4< 77836dbe35382aaf8108489060c5c89530c77494 | affected | ||
146740f9abc4976e4f0af1aa302efee1c699d2e4< e75b73081f1ec169518773626c2ff3950476660b | affected | ||
146740f9abc4976e4f0af1aa302efee1c699d2e4< 70965b6e5c03aa70cc754af1226b9f9cde0c4bf3 | affected | ||
146740f9abc4976e4f0af1aa302efee1c699d2e4< 7c1ddcee5311f3315096217881d2dbe47cc683f9 | affected | ||
4.20 | affected | ||
< 4.20 | unaffected | ||
5.4.208≤ 5.4.* | unaffected | ||
| … +4 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-49605
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
igc: Reinstate IGC_REMOVED logic and implement it properly
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGC_REMOVED logic and implement it properly The initially merged version of the igc driver code (via commit 146740f9abc4, "igc: Add support for PF") contained the following IGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors: u32 igc_rd32(struct igc_hw *hw, u32 reg) { u8 __iomem *hw_addr = READ_ONCE(hw->hw_addr); u32 value = 0; if (IGC_REMOVED(hw_addr)) return ~value; value = readl(&hw_addr[reg]); /* reads should not return all F's */ if (!(~value) && (!reg || !(~readl(hw_addr)))) hw->hw_addr = NULL; return value; } And: #define wr32(reg, val) \ do { \ u8 __iomem *hw_addr = READ_ONCE((hw)->hw_addr); \ if (!IGC_REMOVED(hw_addr)) \ writel((val), &hw_addr[(reg)]); \ } while (0) E.g. igb has similar checks in its MMIO accessors, and has a similar macro E1000_REMOVED, which is implemented as follows: #define E1000_REMOVED(h) unlikely(!(h)) These checks serve to detect and take note of an 0xffffffff MMIO read return from the device, which can be caused by a PCIe link flap or some other kind of PCI bus error, and to avoid performing MMIO reads and writes from that point onwards. However, the IGC_REMOVED macro was not originally implemented: #ifndef IGC_REMOVED #define IGC_REMOVED(a) (0) #endif /* IGC_REMOVED */ This led to the IGC_REMOVED logic to be removed entirely in a subsequent commit (commit 3c215fb18e70, "igc: remove IGC_REMOVED function"), with the rationale that such checks matter only for virtualization and that igc does not support virtualization -- but a PCIe device can become detached even without virtualization being in use, and without proper checks, a PCIe bus error affecting an igc adapter will lead to various NULL pointer dereferences, as the first access after the error will set hw->hw_addr to NULL, and subsequent accesses will blindly dereference this now-NULL pointer. This patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and implements IGC_REMOVED the way it is done for igb, by checking for the unlikely() case of hw_addr being NULL. This change prevents the oopses seen when a PCIe link flap occurs on an igc adapter.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于igc驱动中的IGC_REMOVED逻辑未正确实现。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-49605
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-49605
请登录查看更多情报信息。
Patches & Fixes for CVE-2022-49605 (5)
Same Patch Batch · Linux · 2025-02-26 · 706 CVEs total
| CVE-2022-49496 | media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko | |
| CVE-2022-49487 | mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() | |
| CVE-2022-49486 | ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe | |
| CVE-2022-49488 | drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected | |
| CVE-2022-49489 | drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm run | |
| CVE-2022-49490 | drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected | |
| CVE-2022-49491 | drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() | |
| CVE-2022-49492 | nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags | |
| CVE-2022-49493 | ASoC: rt5645: Fix errorenous cleanup order | |
| CVE-2022-49494 | mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() | |
| CVE-2022-49495 | drm/msm/hdmi: check return value after calling platform_get_resource_byname() | |
| CVE-2022-49497 | net: remove two BUG() from skb_checksum_help() | |
| CVE-2022-49503 | ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix | |
| CVE-2022-49508 | HID: elan: Fix potential double free in elan_input_configured | |
| CVE-2022-49506 | drm/mediatek: Add vblank register/unregister callback functions | |
| CVE-2022-49504 | scsi: lpfc: Inhibit aborts if external loopback plug is inserted | |
| CVE-2022-49505 | NFC: NULL out the dev->rfkill to prevent UAF | |
| CVE-2022-49502 | media: rga: fix possible memory leak in rga_probe | |
| CVE-2022-49499 | drm/msm: Fix null pointer dereferences without iommu | |
| CVE-2022-49498 | ALSA: pcm: Check for null pointer of pointer substream before dereferencing it |
Showing top 20 of 706 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-45836
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndti - CVE-2026-45835
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_conne - CVE-2026-45834
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_cha - CVE-2026-46300
net: skbuff: preserve shared-frag marker during coalescing - CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-trans
Same vendor: Linux
- CVE-2026-45836
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndti - CVE-2026-45835
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_conne - CVE-2026-45834
Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_cha - CVE-2026-46300
net: skbuff: preserve shared-frag marker during coalescing - CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-trans
V. Comments for CVE-2022-49605
No comments yet