{"id":"CVE-2022-49605","summary":"igc: Reinstate IGC_REMOVED logic and implement it properly","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nigc: Reinstate IGC_REMOVED logic and implement it properly\n\nThe initially merged version of the igc driver code (via commit\n146740f9abc4, \"igc: Add support for PF\") contained the following\nIGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors:\n\n\tu32 igc_rd32(struct igc_hw *hw, u32 reg)\n\t{\n\t\tu8 __iomem *hw_addr = READ_ONCE(hw-\u003ehw_addr);\n\t\tu32 value = 0;\n\n\t\tif (IGC_REMOVED(hw_addr))\n\t\t\treturn ~value;\n\n\t\tvalue = readl(&hw_addr[reg]);\n\n\t\t/* reads should not return all F's */\n\t\tif (!(~value) && (!reg || !(~readl(hw_addr))))\n\t\t\thw-\u003ehw_addr = NULL;\n\n\t\treturn value;\n\t}\n\nAnd:\n\n\t#define wr32(reg, val) \\\n\tdo { \\\n\t\tu8 __iomem *hw_addr = READ_ONCE((hw)-\u003ehw_addr); \\\n\t\tif (!IGC_REMOVED(hw_addr)) \\\n\t\t\twritel((val), &hw_addr[(reg)]); \\\n\t} while (0)\n\nE.g. igb has similar checks in its MMIO accessors, and has a similar\nmacro E1000_REMOVED, which is implemented as follows:\n\n\t#define E1000_REMOVED(h) unlikely(!(h))\n\nThese checks serve to detect and take note of an 0xffffffff MMIO read\nreturn from the device, which can be caused by a PCIe link flap or some\nother kind of PCI bus error, and to avoid performing MMIO reads and\nwrites from that point onwards.\n\nHowever, the IGC_REMOVED macro was not originally implemented:\n\n\t#ifndef IGC_REMOVED\n\t#define IGC_REMOVED(a) (0)\n\t#endif /* IGC_REMOVED */\n\nThis led to the IGC_REMOVED logic to be removed entirely in a\nsubsequent commit (commit 3c215fb18e70, \"igc: remove IGC_REMOVED\nfunction\"), with the rationale that such checks matter only for\nvirtualization and that igc does not support virtualization -- but a\nPCIe device can become detached even without virtualization being in\nuse, and without proper checks, a PCIe bus error affecting an igc\nadapter will lead to various NULL pointer dereferences, as the first\naccess after the error will set hw-\u003ehw_addr to NULL, and subsequent\naccesses will blindly dereference this now-NULL pointer.\n\nThis patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and\nimplements IGC_REMOVED the way it is done for igb, by checking for the\nunlikely() case of hw_addr being NULL.  This change prevents the oopses\nseen when a PCIe link flap occurs on an igc adapter.","modified":"2026-03-10T21:52:16.062586Z","published":"2025-02-26T02:23:30.873Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1293-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49605.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/16cb6717f4f42487ef10583eb8bc98e7d1e33d65"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70965b6e5c03aa70cc754af1226b9f9cde0c4bf3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/77836dbe35382aaf8108489060c5c89530c77494"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7c1ddcee5311f3315096217881d2dbe47cc683f9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e75b73081f1ec169518773626c2ff3950476660b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49605.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49605"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"146740f9abc4976e4f0af1aa302efee1c699d2e4"},{"fixed":"16cb6717f4f42487ef10583eb8bc98e7d1e33d65"},{"fixed":"77836dbe35382aaf8108489060c5c89530c77494"},{"fixed":"e75b73081f1ec169518773626c2ff3950476660b"},{"fixed":"70965b6e5c03aa70cc754af1226b9f9cde0c4bf3"},{"fixed":"7c1ddcee5311f3315096217881d2dbe47cc683f9"}]}],"versions":["v4.19","v4.19-rc8","v4.20","v4.20-rc1","v4.20-rc2","v4.20-rc3","v4.20-rc4","v4.20-rc5","v4.20-rc6","v4.20-rc7","v5.0","v5.0-rc1","v5.0-rc2","v5.0-rc3","v5.0-rc4","v5.0-rc5","v5.0-rc6","v5.0-rc7","v5.0-rc8","v5.1","v5.1-rc1","v5.1-rc2","v5.1-rc3","v5.1-rc4","v5.1-rc5","v5.1-rc6","v5.1-rc7","v5.10","v5.10-rc1","v5.10-rc2","v5.10-rc3","v5.10-rc4","v5.10-rc5","v5.10-rc6","v5.10-rc7","v5.10.1","v5.10.10","v5.10.100","v5.10.101","v5.10.102","v5.10.103","v5.10.104","v5.10.105","v5.10.106","v5.10.107","v5.10.108","v5.10.109","v5.10.11","v5.10.110","v5.10.111","v5.10.112","v5.10.113","v5.10.114","v5.10.115","v5.10.116","v5.10.117","v5.10.118","v5.10.119","v5.10.12","v5.10.120","v5.10.121","v5.10.122","v5.10.123","v5.10.124","v5.10.125","v5.10.126","v5.10.127","v5.10.128","v5.10.129","v5.10.13","v5.10.130","v5.10.131","v5.10.132","v5.10.133","v5.10.14","v5.10.15","v5.10.16","v5.10.17","v5.10.18","v5.10.19","v5.10.2","v5.10.20","v5.10.21","v5.10.22","v5.10.23","v5.10.24","v5.10.25","v5.10.26","v5.10.27","v5.10.28","v5.10.29","v5.10.3","v5.10.30","v5.10.31","v5.10.32","v5.10.33","v5.10.34","v5.10.35","v5.10.36","v5.10.37","v5.10.38","v5.10.39","v5.10.4","v5.10.40","v5.10.41","v5.10.42","v5.10.43","v5.10.44","v5.10.45","v5.10.46","v5.10.47","v5.10.48","v5.10.49","v5.10.5","v5.10.50","v5.10.51","v5.10.52","v5.10.53","v5.10.54","v5.10.55","v5.10.56","v5.10.57","v5.10.58","v5.10.59","v5.10.6","v5.10.60","v5.10.61","v5.10.62","v5.10.63","v5.10.64","v5.10.65","v5.10.66","v5.10.67","v5.10.68","v5.10.69","v5.10.7","v5.10.70","v5.10.71","v5.10.72","v5.10.73","v5.10.74","v5.10.75","v5.10.76","v5.10.77","v5.10.78","v5.10.79","v5.10.8","v5.10.80","v5.10.81","v5.10.82","v5.10.83","v5.10.84","v5.10.85","v5.10.86","v5.10.87","v5.10.88","v5.10.89","v5.10.9","v5.10.90","v5.10.91","v5.10.92","v5.10.93","v5.10.94","v5.10.95","v5.10.96","v5.10.97","v5.10.98","v5.10.99","v5.11","v5.11-rc1","v5.11-rc2","v5.11-rc3","v5.11-rc4","v5.11-rc5","v5.11-rc6","v5.11-rc7","v5.12","v5.12-rc1","v5.12-rc1-dontuse","v5.12-rc2","v5.12-rc3","v5.12-rc4","v5.12-rc5","v5.12-rc6","v5.12-rc7","v5.12-rc8","v5.13","v5.13-rc1","v5.13-rc2","v5.13-rc3","v5.13-rc4","v5.13-rc5","v5.13-rc6","v5.13-rc7","v5.14","v5.14-rc1","v5.14-rc2","v5.14-rc3","v5.14-rc4","v5.14-rc5","v5.14-rc6","v5.14-rc7","v5.15","v5.15-rc1","v5.15-rc2","v5.15-rc3","v5.15-rc4","v5.15-rc5","v5.15-rc6","v5.15-rc7","v5.15.1","v5.15.10","v5.15.11","v5.15.12","v5.15.13","v5.15.14","v5.15.15","v5.15.16","v5.15.17","v5.15.18","v5.15.19","v5.15.2","v5.15.20","v5.15.21","v5.15.22","v5.15.23","v5.15.24","v5.15.25","v5.15.26","v5.15.27","v5.15.28","v5.15.29","v5.15.3","v5.15.30","v5.15.31","v5.15.32","v5.15.33","v5.15.34","v5.15.35","v5.15.36","v5.15.37","v5.15.38","v5.15.39","v5.15.4","v5.15.40","v5.15.41","v5.15.42","v5.15.43","v5.15.44","v5.15.45","v5.15.46","v5.15.47","v5.15.48","v5.15.49","v5.15.5","v5.15.50","v5.15.51","v5.15.52","v5.15.53","v5.15.54","v5.15.55","v5.15.56","v5.15.57","v5.15.6","v5.15.7","v5.15.8","v5.15.9","v5.16","v5.16-rc1","v5.16-rc2","v5.16-rc3","v5.16-rc4","v5.16-rc5","v5.16-rc6","v5.16-rc7","v5.16-rc8","v5.17","v5.17-rc1","v5.17-rc2","v5.17-rc3","v5.17-rc4","v5.17-rc5","v5.17-rc6","v5.17-rc7","v5.17-rc8","v5.18","v5.18-rc1","v5.18-rc2","v5.18-rc3","v5.18-rc4","v5.18-rc5","v5.18-rc6","v5.18-rc7","v5.18.1","v5.18.10","v5.18.11","v5.18.12","v5.18.13","v5.18.14","v5.18.2","v5.18.3","v5.18.4","v5.18.5","v5.18.6","v5.18.7","v5.18.8","v5.18.9","v5.19-rc1","v5.19-rc2","v5.19-rc3","v5.19-rc4","v5.19-rc5","v5.2","v5.2-rc1","v5.2-rc2","v5.2-rc3","v5.2-rc4","v5.2-rc5","v5.2-rc6","v5.2-rc7","v5.3","v5.3-rc1","v5.3-rc2","v5.3-rc3","v5.3-rc4","v5.3-rc5","v5.3-rc6","v5.3-rc7","v5.3-rc8","v5.4","v5.4-rc1","v5.4-rc2","v5.4-rc3","v5.4-rc4","v5.4-rc5","v5.4-rc6","v5.4-rc7","v5.4-rc8","v5.4.1","v5.4.10","v5.4.100","v5.4.101","v5.4.102","v5.4.103","v5.4.104","v5.4.105","v5.4.106","v5.4.107","v5.4.108","v5.4.109","v5.4.11","v5.4.110","v5.4.111","v5.4.112","v5.4.113","v5.4.114","v5.4.115","v5.4.116","v5.4.117","v5.4.118","v5.4.119","v5.4.12","v5.4.120","v5.4.121","v5.4.122","v5.4.123","v5.4.124","v5.4.125","v5.4.126","v5.4.127","v5.4.128","v5.4.129","v5.4.13","v5.4.130","v5.4.131","v5.4.132","v5.4.133","v5.4.134","v5.4.135","v5.4.136","v5.4.137","v5.4.138","v5.4.139","v5.4.14","v5.4.140","v5.4.141","v5.4.142","v5.4.143","v5.4.144","v5.4.145","v5.4.146","v5.4.147","v5.4.148","v5.4.149","v5.4.15","v5.4.150","v5.4.151","v5.4.152","v5.4.153","v5.4.154","v5.4.155","v5.4.156","v5.4.157","v5.4.158","v5.4.159","v5.4.16","v5.4.160","v5.4.161","v5.4.162","v5.4.163","v5.4.164","v5.4.165","v5.4.166","v5.4.167","v5.4.168","v5.4.169","v5.4.17","v5.4.170","v5.4.171","v5.4.172","v5.4.173","v5.4.174","v5.4.175","v5.4.176","v5.4.177","v5.4.178","v5.4.179","v5.4.18","v5.4.180","v5.4.181","v5.4.182","v5.4.183","v5.4.184","v5.4.185","v5.4.186","v5.4.187","v5.4.188","v5.4.189","v5.4.19","v5.4.190","v5.4.191","v5.4.192","v5.4.193","v5.4.194","v5.4.195","v5.4.196","v5.4.197","v5.4.198","v5.4.199","v5.4.2","v5.4.20","v5.4.200","v5.4.201","v5.4.202","v5.4.203","v5.4.204","v5.4.205","v5.4.206","v5.4.207","v5.4.21","v5.4.22","v5.4.23","v5.4.24","v5.4.25","v5.4.26","v5.4.27","v5.4.28","v5.4.29","v5.4.3","v5.4.30","v5.4.31","v5.4.32","v5.4.33","v5.4.34","v5.4.35","v5.4.36","v5.4.37","v5.4.38","v5.4.39","v5.4.4","v5.4.40","v5.4.41","v5.4.42","v5.4.43","v5.4.44","v5.4.45","v5.4.46","v5.4.47","v5.4.48","v5.4.49","v5.4.5","v5.4.50","v5.4.51","v5.4.52","v5.4.53","v5.4.54","v5.4.55","v5.4.56","v5.4.57","v5.4.58","v5.4.59","v5.4.6","v5.4.60","v5.4.61","v5.4.62","v5.4.63","v5.4.64","v5.4.65","v5.4.66","v5.4.67","v5.4.68","v5.4.69","v5.4.7","v5.4.70","v5.4.71","v5.4.72","v5.4.73","v5.4.74","v5.4.75","v5.4.76","v5.4.77","v5.4.78","v5.4.79","v5.4.8","v5.4.80","v5.4.81","v5.4.82","v5.4.83","v5.4.84","v5.4.85","v5.4.86","v5.4.87","v5.4.88","v5.4.89","v5.4.9","v5.4.90","v5.4.91","v5.4.92","v5.4.93","v5.4.94","v5.4.95","v5.4.96","v5.4.97","v5.4.98","v5.4.99","v5.5","v5.5-rc1","v5.5-rc2","v5.5-rc3","v5.5-rc4","v5.5-rc5","v5.5-rc6","v5.5-rc7","v5.6","v5.6-rc1","v5.6-rc2","v5.6-rc3","v5.6-rc4","v5.6-rc5","v5.6-rc6","v5.6-rc7","v5.7","v5.7-rc1","v5.7-rc2","v5.7-rc3","v5.7-rc4","v5.7-rc5","v5.7-rc6","v5.7-rc7","v5.8","v5.8-rc1","v5.8-rc2","v5.8-rc3","v5.8-rc4","v5.8-rc5","v5.8-rc6","v5.8-rc7","v5.9","v5.9-rc1","v5.9-rc2","v5.9-rc3","v5.9-rc4","v5.9-rc5","v5.9-rc6","v5.9-rc7","v5.9-rc8"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["255901005877124612690530619387513672205","148447149916807643611891951291499888688","272850795293922626402789801662177263980","198285767118675981254204351128531523179"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77836dbe35382aaf8108489060c5c89530c77494","signature_type":"Line","id":"CVE-2022-49605-03306b04","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_regs.h"}},{"digest":{"threshold":0.9,"line_hashes":["255901005877124612690530619387513672205","148447149916807643611891951291499888688","272850795293922626402789801662177263980","198285767118675981254204351128531523179"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c1ddcee5311f3315096217881d2dbe47cc683f9","signature_type":"Line","id":"CVE-2022-49605-1534b938","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_regs.h"}},{"digest":{"length":517,"function_hash":"33063669169191454738615702637276938921"},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c1ddcee5311f3315096217881d2dbe47cc683f9","signature_type":"Function","id":"CVE-2022-49605-2bdfae5a","deprecated":false,"target":{"function":"igc_rd32","file":"drivers/net/ethernet/intel/igc/igc_main.c"}},{"digest":{"threshold":0.9,"line_hashes":["176460911432945149977784333411862978820","141274228294736719723885946717886695260","12683682272747805991246376409881415416"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c1ddcee5311f3315096217881d2dbe47cc683f9","signature_type":"Line","id":"CVE-2022-49605-5497668b","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_main.c"}},{"digest":{"length":517,"function_hash":"33063669169191454738615702637276938921"},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77836dbe35382aaf8108489060c5c89530c77494","signature_type":"Function","id":"CVE-2022-49605-59a2a329","deprecated":false,"target":{"function":"igc_rd32","file":"drivers/net/ethernet/intel/igc/igc_main.c"}},{"digest":{"threshold":0.9,"line_hashes":["176460911432945149977784333411862978820","141274228294736719723885946717886695260","12683682272747805991246376409881415416"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70965b6e5c03aa70cc754af1226b9f9cde0c4bf3","signature_type":"Line","id":"CVE-2022-49605-5efebe86","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_main.c"}},{"digest":{"threshold":0.9,"line_hashes":["255901005877124612690530619387513672205","148447149916807643611891951291499888688","272850795293922626402789801662177263980","198285767118675981254204351128531523179"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70965b6e5c03aa70cc754af1226b9f9cde0c4bf3","signature_type":"Line","id":"CVE-2022-49605-5fe9221b","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_regs.h"}},{"digest":{"length":517,"function_hash":"33063669169191454738615702637276938921"},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e75b73081f1ec169518773626c2ff3950476660b","signature_type":"Function","id":"CVE-2022-49605-6ec70d01","deprecated":false,"target":{"function":"igc_rd32","file":"drivers/net/ethernet/intel/igc/igc_main.c"}},{"digest":{"threshold":0.9,"line_hashes":["176460911432945149977784333411862978820","141274228294736719723885946717886695260","12683682272747805991246376409881415416"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@77836dbe35382aaf8108489060c5c89530c77494","signature_type":"Line","id":"CVE-2022-49605-7030b199","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_main.c"}},{"digest":{"length":517,"function_hash":"33063669169191454738615702637276938921"},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70965b6e5c03aa70cc754af1226b9f9cde0c4bf3","signature_type":"Function","id":"CVE-2022-49605-97e48b5a","deprecated":false,"target":{"function":"igc_rd32","file":"drivers/net/ethernet/intel/igc/igc_main.c"}},{"digest":{"threshold":0.9,"line_hashes":["255901005877124612690530619387513672205","148447149916807643611891951291499888688","272850795293922626402789801662177263980","198285767118675981254204351128531523179"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e75b73081f1ec169518773626c2ff3950476660b","signature_type":"Line","id":"CVE-2022-49605-c8f4abf6","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_regs.h"}},{"digest":{"threshold":0.9,"line_hashes":["176460911432945149977784333411862978820","141274228294736719723885946717886695260","12683682272747805991246376409881415416"]},"signature_version":"v1","source":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e75b73081f1ec169518773626c2ff3950476660b","signature_type":"Line","id":"CVE-2022-49605-fabc25a6","deprecated":false,"target":{"file":"drivers/net/ethernet/intel/igc/igc_main.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49605.json"}}],"schema_version":"1.7.3"}