CVE-2022-49605 | igc: Reinstate IGC_REMOVED logic and implement it properly

In the Linux kernel, the following vulnerability has been resolved: igc: Reinstate IGC_REMOVED logic and implement it properly The initially merged version of the igc driver code (via commit 146740f9abc4, "igc: Add support for PF") contained the following IGC_REMOVED checks in the igc_rd32/wr32() MMIO accessors: u32 igc_rd32(struct igc_hw *hw, u32 reg) { u8 __iomem *hw_addr = READ_ONCE(hw->hw_addr); u32 value = 0; if (IGC_REMOVED(hw_addr)) return ~value; value = readl(&hw_addr[reg]); /* reads should not return all F's */ if (!(~value) && (!reg || !(~readl(hw_addr)))) hw->hw_addr = NULL; return value; } And: #define wr32(reg, val) \ do { \ u8 __iomem *hw_addr = READ_ONCE((hw)->hw_addr); \ if (!IGC_REMOVED(hw_addr)) \ writel((val), &hw_addr[(reg)]); \ } while (0) E.g. igb has similar checks in its MMIO accessors, and has a similar macro E1000_REMOVED, which is implemented as follows: #define E1000_REMOVED(h) unlikely(!(h)) These checks serve to detect and take note of an 0xffffffff MMIO read return from the device, which can be caused by a PCIe link flap or some other kind of PCI bus error, and to avoid performing MMIO reads and writes from that point onwards. However, the IGC_REMOVED macro was not originally implemented: #ifndef IGC_REMOVED #define IGC_REMOVED(a) (0) #endif /* IGC_REMOVED */ This led to the IGC_REMOVED logic to be removed entirely in a subsequent commit (commit 3c215fb18e70, "igc: remove IGC_REMOVED function"), with the rationale that such checks matter only for virtualization and that igc does not support virtualization -- but a PCIe device can become detached even without virtualization being in use, and without proper checks, a PCIe bus error affecting an igc adapter will lead to various NULL pointer dereferences, as the first access after the error will set hw->hw_addr to NULL, and subsequent accesses will blindly dereference this now-NULL pointer. This patch reinstates the IGC_REMOVED checks in igc_rd32/wr32(), and implements IGC_REMOVED the way it is done for igb, by checking for the unlikely() case of hw_addr being NULL. This change prevents the oopses seen when a PCIe link flap occurs on an igc adapter.

Published: 2025-02-26 Last update: 2025-10-23 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-49605 is rated Low Risk (34.3/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.15%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-49605

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-04-06 0.04% 0.15% +0.11%
2 2025-11-21 0.06% 0.04% -0.02%
3 2025-11-18 0.06%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-49605

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.8 3.6 [email protected]

Weakness enumeration for CVE-2022-49605

OS Trackers for CVE-2022-49605

vendor priority summary link
debian not yet assigned CVE-2022-49605 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2022-49605
redhat medium https://access.redhat.com/security/cve/CVE-2022-49605
suse medium https://www.suse.com/security/cve/CVE-2022-49605/
ubuntu medium CVE-2022-49605 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1551 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 1145, ignored 146, released 135, not-affected 124, needs-triage 1. https://ubuntu.com/security/CVE-2022-49605

Affected software / configurations for CVE-2022-49605

Vendor Product Version Raw CPE
linux linux_kernel >= 4.20, < 5.4.208 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.5, < 5.10.134 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.11, < 5.15.58 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.16, < 5.18.15 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel 5.19 cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*
linux linux_kernel 5.19 cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*
linux linux_kernel 5.19 cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*
linux linux_kernel 5.19 cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*
linux linux_kernel 5.19 cpe:2.3:o:linux:linux_kernel:5.19:rc5:*:*:*:*:*:*
linux linux_kernel 5.19 cpe:2.3:o:linux:linux_kernel:5.19:rc6:*:*:*:*:*:*
linux linux_kernel 5.19 cpe:2.3:o:linux:linux_kernel:5.19:rc7:*:*:*:*:*:*

References for CVE-2022-49605

cvelogic Threat Intelligence