CVE-2023-54070

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contained a flaw in the igb driver related to Single Root I/O Virtualization (SR-IOV). Specifically, the cleanup process was incomplete when enabling SR-IOV, potentially leading to hangs or crashes when the igb module was removed, particularly on systems with 82580 network adapters. The issue stemmed from a failure in the pci enable sriov() function, causing the driver to incorrectly assume Virtual Functions (VFs) were set up when they were not. This was triggered by a commit that changed the error handling in igb enable sriov(). A reproducer script involving repeated module loading and unloading was identified to demonstrate the problem. The issue was observed on 82580 quad and dual-port adapters, but not on 82576, i350, and i210 adapters.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.