{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: igb: Fix igb_down hung on surprise removal",
    "id" : "2395231",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2395231"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1341",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nigb: Fix igb_down hung on surprise removal\nIn a setup where a Thunderbolt hub connects to Ethernet and a display\nthrough USB Type-C, users may experience a hung task timeout when they\nremove the cable between the PC and the Thunderbolt hub.\nThis is because the igb_down function is called multiple times when\nthe Thunderbolt hub is unplugged. For example, the igb_io_error_detected\ntriggers the first call, and the igb_remove triggers the second call.\nThe second call to igb_down will block at napi_synchronize.\nHere's the call trace:\n__schedule+0x3b0/0xddb\n? __mod_timer+0x164/0x5d3\nschedule+0x44/0xa8\nschedule_timeout+0xb2/0x2a4\n? run_local_timers+0x4e/0x4e\nmsleep+0x31/0x38\nigb_down+0x12c/0x22a [igb 6615058754948bfde0bf01429257eb59f13030d4]\n__igb_close+0x6f/0x9c [igb 6615058754948bfde0bf01429257eb59f13030d4]\nigb_close+0x23/0x2b [igb 6615058754948bfde0bf01429257eb59f13030d4]\n__dev_close_many+0x95/0xec\ndev_close_many+0x6e/0x103\nunregister_netdevice_many+0x105/0x5b1\nunregister_netdevice_queue+0xc2/0x10d\nunregister_netdev+0x1c/0x23\nigb_remove+0xa7/0x11c [igb 6615058754948bfde0bf01429257eb59f13030d4]\npci_device_remove+0x3f/0x9c\ndevice_release_driver_internal+0xfe/0x1b4\npci_stop_bus_device+0x5b/0x7f\npci_stop_bus_device+0x30/0x7f\npci_stop_bus_device+0x30/0x7f\npci_stop_and_remove_bus_device+0x12/0x19\npciehp_unconfigure_device+0x76/0xe9\npciehp_disable_slot+0x6e/0x131\npciehp_handle_presence_or_link_change+0x7a/0x3f7\npciehp_ist+0xbe/0x194\nirq_thread_fn+0x22/0x4d\n? irq_thread+0x1fd/0x1fd\nirq_thread+0x17b/0x1fd\n? irq_forced_thread_fn+0x5f/0x5f\nkthread+0x142/0x153\n? __irq_get_irqchip_state+0x46/0x46\n? kthread_associate_blkcg+0x71/0x71\nret_from_fork+0x1f/0x30\nIn this case, igb_io_error_detected detaches the network interface\nand requests a PCIE slot reset, however, the PCIE reset callback is\nnot being invoked and thus the Ethernet connection breaks down.\nAs the PCIE error in this case is a non-fatal one, requesting a\nslot reset can be avoided.\nThis patch fixes the task hung issue and preserves Ethernet\nconnection by ignoring non-fatal PCIE errors." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53148\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53148\nhttps://lore.kernel.org/linux-cve-announce/2025091552-CVE-2023-53148-e1b8@gregkh/T" ],
  "name" : "CVE-2023-53148",
  "csaw" : false
}