CVE-2025-40104

UNKNOWN 0.0

ixgbevf: fix mailbox API compatibility by negotiating supported features

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. None of the rest of the Intel 10G PF/VF drivers supports it. And actually lack of support was not included in the IPSec implementation - there were no such code paths. No possibility to negotiate support for the feature was introduced along with introduction of the feature itself. Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") increasing API version to 1.5 did the same - it introduced code supported specifically by the PF ESX driver. It altered API version for the VF driver in the same time not touching the version defined for the PF ixgbe driver. It led to additional discrepancies, as the code provided within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes. The issue was noticed some time ago and mitigated by Jake within the commit d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5"). As a result we have regression for IPsec support and after increasing API to version 1.6 ixgbevf driver stopped to support ESX MBX. To fix this mess add new mailbox op asking PF driver about supported features. Basing on a response determine whether to set support for IPSec and ESX-specific enhanced mailbox. New mailbox op, for compatibility purposes, must be added within new API revision, as API version of OOT PF & VF drivers is already increased to 1.6 and doesn't incorporate features negotiate op. Features negotiation mechanism gives possibility to be extended with new features when needed in the future.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Oct 30, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

0062e7cc955e0827a88570ed36ea511a7dcb391e < 871ac1cd4ce4804defcb428cbb003fd84c415ff4 0062e7cc955e0827a88570ed36ea511a7dcb391e < 2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18 0062e7cc955e0827a88570ed36ea511a7dcb391e < bf580112ed61736c2645a893413a04732505d4b1 0062e7cc955e0827a88570ed36ea511a7dcb391e < a376e29b1b196dc90b50df7e5e3947e3026300c4 0062e7cc955e0827a88570ed36ea511a7dcb391e < a7075f501bd33c93570af759b6f4302ef0175168

Linux / Linux

4.20

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/871ac1cd4ce4804defcb428cbb003fd84c415ff4 git.kernel.org: https://git.kernel.org/stable/c/2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18 git.kernel.org: https://git.kernel.org/stable/c/bf580112ed61736c2645a893413a04732505d4b1 git.kernel.org: https://git.kernel.org/stable/c/a376e29b1b196dc90b50df7e5e3947e3026300c4 git.kernel.org: https://git.kernel.org/stable/c/a7075f501bd33c93570af759b6f4302ef0175168