CVE-2025-40104— ixgbevf: fix mailbox API compatibility by negotiating supported features
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-40104
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ixgbevf: fix mailbox API compatibility by negotiating supported features
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. None of the rest of the Intel 10G PF/VF drivers supports it. And actually lack of support was not included in the IPSec implementation - there were no such code paths. No possibility to negotiate support for the feature was introduced along with introduction of the feature itself. Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") increasing API version to 1.5 did the same - it introduced code supported specifically by the PF ESX driver. It altered API version for the VF driver in the same time not touching the version defined for the PF ixgbe driver. It led to additional discrepancies, as the code provided within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes. The issue was noticed some time ago and mitigated by Jake within the commit d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5"). As a result we have regression for IPsec support and after increasing API to version 1.6 ixgbevf driver stopped to support ESX MBX. To fix this mess add new mailbox op asking PF driver about supported features. Basing on a response determine whether to set support for IPSec and ESX-specific enhanced mailbox. New mailbox op, for compatibility purposes, must be added within new API revision, as API version of OOT PF & VF drivers is already increased to 1.6 and doesn't incorporate features negotiate op. Features negotiation mechanism gives possibility to be extended with new features when needed in the future.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未正确协商支持的功能,可能导致API兼容性问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-40104
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-40104
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-10-30 · 20 CVEs total
| CVE-2025-40095 | usb: gadget: f_rndis: Refactor bind path to use __free() | |
| CVE-2025-40105 | vfs: Don't leak disconnected dentries on umount | |
| CVE-2025-40103 | smb: client: Fix refcount leak for cifs_sb_tlink | |
| CVE-2025-40102 | KVM: arm64: Prevent access to vCPU events before init | |
| CVE-2025-40100 | btrfs: do not assert we found block group item when creating free space tree | |
| CVE-2025-40101 | btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST | |
| CVE-2025-40099 | cifs: parse_dfs_referrals: prevent oob on malformed input | |
| CVE-2025-40098 | ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() | |
| CVE-2025-40097 | ALSA: hda: Fix missing pointer check in hda_component_manager_init function | |
| CVE-2025-40096 | drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies | |
| CVE-2025-40086 | drm/xe: Don't allow evicting of BOs in same VM in array of VM binds | |
| CVE-2025-40094 | usb: gadget: f_acm: Refactor bind path to use __free() | |
| CVE-2025-40093 | usb: gadget: f_ecm: Refactor bind path to use __free() | |
| CVE-2025-40092 | usb: gadget: f_ncm: Refactor bind path to use __free() | |
| CVE-2025-40090 | ksmbd: fix recursive locking in RPC handle list access | |
| CVE-2025-40091 | ixgbe: fix too early devlink_free() in ixgbe_remove() | |
| CVE-2025-40089 | cxl/features: Add check for no entries in cxl_feature_info | |
| CVE-2025-40088 | hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() | |
| CVE-2025-40087 | NFSD: Define a proc_layoutcommit for the FlexFiles layout type |
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2025-40104
No comments yet