CVE-2022-49227 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
igc: avoid kernel warning when changing RX ring parameters
Calling ethtool changing the RX ring parameters like this:
$ ethtool -G eth0 rx 1024
on igc triggers kernel warnings like this:
[ 225.198467] ------------[ cut here ]------------
[ 225.198473] Missing unregister, handled but fix driver
[ 225.198485] WARNING: CPU: 7 PID: 959 at net/core/xdp.c:168
xdp_rxq_info_reg+0x79/0xd0 [...]
[ 225.198601] Call Trace:
[ 225.198604]
[ 225.198609] igc_setup_rx_resources+0x3f/0xe0 [igc]
[ 225.198617] igc_ethtool_set_ringparam+0x30e/0x450 [igc]
[ 225.198626] ethnl_set_rings+0x18a/0x250
[ 225.198631] genl_family_rcv_msg_doit+0xca/0x110
[ 225.198637] genl_rcv_msg+0xce/0x1c0
[ 225.198640] ? rings_prepare_data+0x60/0x60
[ 225.198644] ? genl_get_cmd+0xd0/0xd0
[ 225.198647] netlink_rcv_skb+0x4e/0xf0
[ 225.198652] genl_rcv+0x24/0x40
[ 225.198655] netlink_unicast+0x20e/0x330
[ 225.198659] netlink_sendmsg+0x23f/0x480
[ 225.198663] sock_sendmsg+0x5b/0x60
[ 225.198667] __sys_sendto+0xf0/0x160
[ 225.198671] ? handle_mm_fault+0xb2/0x280
[ 225.198676] ? do_user_addr_fault+0x1eb/0x690
[ 225.198680] __x64_sys_sendto+0x20/0x30
[ 225.198683] do_syscall_64+0x38/0x90
[ 225.198687] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 225.198693] RIP: 0033:0x7f7ae38ac3aa
igc_ethtool_set_ringparam() copies the igc_ring structure but neglects to reset the xdp_rxq_info member before calling igc_setup_rx_resources(). This in turn calls xdp_rxq_info_reg() with an already registered xdp_rxq_info.
Make sure to unregister the xdp_rxq_info structure first in igc_setup_rx_resources.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 10/21/2025
The vulnerability CVE-2022-49227 affects the Linux kernel's igc driver, specifically addressing a kernel warning that occurs when modifying RX ring parameters through ethtool commands. This issue stems from improper handling of XDP (eXpress Data Path) ring queue information during ring parameter changes, creating a scenario where kernel warnings are generated due to missing unregister operations. The problem manifests when executing commands like ethtool -G eth0 rx 1024 on systems utilizing the igc network driver, which triggers kernel messages indicating that a missing unregister operation has occurred.
The technical flaw resides in the igc_ethtool_set_ringparam() function which copies the igc_ring structure but fails to properly reset the xdp_rxq_info member before invoking igc_setup_rx_resources(). This oversight causes the function to call xdp_rxq_info_reg() with an already registered xdp_rxq_info structure, leading to kernel warnings and potential instability. The call trace demonstrates this sequence beginning with igc_ethtool_set_ringparam() calling igc_setup_rx_resources(), which then invokes xdp_rxq_info_reg() with pre-existing registration data. This pattern violates proper resource management protocols and creates a state where the XDP ring queue information becomes inconsistent.
The operational impact of this vulnerability extends beyond simple kernel warnings to potentially affect network performance and system stability. When the kernel warning occurs, it indicates that the driver is not properly managing XDP ring queue resources, which could lead to resource leaks or inconsistent network behavior. Network administrators who frequently adjust ring parameters through ethtool commands may experience intermittent kernel messages that could obscure other legitimate issues. The vulnerability is particularly concerning in production environments where network configuration changes are routine and could mask underlying problems or cause unexpected behavior in network operations.
This vulnerability maps to CWE-691, which addresses insufficient control of resource identifiers, specifically in the context of improper handling of XDP ring queue registration. The issue also relates to ATT&CK technique T1059.003, which involves command and scripting interpreter usage, as the vulnerability is triggered through standard command-line network configuration tools. Mitigation strategies should focus on ensuring proper resource cleanup before reinitialization, requiring that the xdp_rxq_info structure be properly unregistered before calling igc_setup_rx_resources(). The fix involves modifying the igc_setup_rx_resources() function to unregister existing xdp_rxq_info structures before proceeding with new registrations, thereby preventing the kernel warning and ensuring proper resource management throughout the ring parameter modification process.
The resolution addresses fundamental resource management principles that are critical for maintaining kernel stability and preventing information disclosure through kernel warnings. Proper XDP ring queue handling ensures that network drivers maintain consistent state information and prevent potential exploitation through kernel information leakage. This vulnerability demonstrates the importance of careful resource management in kernel drivers, particularly when dealing with complex networking features like XDP that require precise handling of ring queue structures. System administrators should update to patched kernel versions to eliminate these warnings and ensure stable network operations when adjusting ring parameters through ethtool commands.