
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-53148 is a vulnerability in the Linux kernel's Intel Gigabit Ethernet (igb) driver. It was discovered and disclosed on September 15, 2025, and affects systems where a Thunderbolt hub connects to Ethernet and a display through USB Type-C (NVD).
The vulnerability occurs when the igb_down function is called more than once during a Thunderbolt hub unplug event. The first call is triggered by igb_io_error_detected and the second by igb_remove. The second call to igb_down blocks at napi_synchronize, causing a hung task timeout. In this scenario, igb_io_error_detected detaches the network interface and requests a PCIe slot reset, but the PCIe reset callback is never invoked, so the Ethernet connection breaks down (NVD).
When exploited, this vulnerability causes a system hang when users remove the cable between the PC and the Thunderbolt hub, leading to potential system unresponsiveness and disruption of network connectivity (NVD).
The issue has been fixed in various Linux distributions including Ubuntu 22.04 LTS (jammy), 20.04 LTS (focal), and other versions. The fix modifies the driver to ignore non-fatal PCIe errors, because requesting a slot reset is unnecessary in this case. This preserves the Ethernet connection and prevents the hung-task issue (Ubuntu).
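The call sequence and the effect of the fix can be followed in a small userspace model. This is an added example, not the igb driver's code: every name ending in _model, the struct, and the enums are hypothetical stand-ins, and it assumes that a non-fatal error reaches the callback with a "normal" channel state and that disabling NAPI leaves its scheduled bit set, which is what makes a later napi_synchronize wait forever.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model (assumption-labelled); not kernel code. */
enum channel_state { CH_IO_NORMAL, CH_IO_FROZEN, CH_IO_PERM_FAILURE };
enum ers_result { ERS_CAN_RECOVER, ERS_NEED_RESET, ERS_DISCONNECT };

struct adapter {
    bool napi_sched; /* models the NAPI "scheduled" bit left set by napi_disable */
    bool detached;   /* models the network interface being detached */
    bool hung;       /* set at the point where the real task would block */
};

/* Returns false where the real napi_synchronize would never return. */
static bool napi_synchronize_model(const struct adapter *a) { return !a->napi_sched; }

static void igb_down_model(struct adapter *a)
{
    if (!napi_synchronize_model(a)) { a->hung = true; return; }
    a->napi_sched = true; /* disabling NAPI keeps the bit set until re-enable */
}

static enum ers_result error_detected_model(struct adapter *a,
                                            enum channel_state st, bool patched)
{
    if (patched && st == CH_IO_NORMAL)
        return ERS_CAN_RECOVER; /* fix: ignore non-fatal error, link stays up */
    a->detached = true;
    if (st == CH_IO_PERM_FAILURE)
        return ERS_DISCONNECT;
    igb_down_model(a);          /* first igb_down */
    return ERS_NEED_RESET;      /* slot reset requested but never delivered */
}

/* Unplug sequence from the advisory: error callback, then driver remove. */
static struct adapter simulate_nonfatal_unplug(bool patched)
{
    struct adapter a = { false, false, false };
    (void)error_detected_model(&a, CH_IO_NORMAL, patched);
    igb_down_model(&a);         /* igb_remove path: second igb_down */
    return a;
}

int main(void)
{
    struct adapter before = simulate_nonfatal_unplug(false);
    struct adapter after = simulate_nonfatal_unplug(true);
    printf("unpatched: hung=%d detached=%d\n", before.hung, before.detached);
    printf("patched:   hung=%d detached=%d\n", after.hung, after.detached);
    return 0;
}
```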
Source: This report was generated using AI