{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40104", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.165Z", "datePublished": "2025-10-30T09:48:09.051Z", "dateUpdated": "2025-10-30T09:48:09.051Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-30T09:48:09.051Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF & VF drivers is already increased to\n1.6 and doesn't incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ixgbevf/ipsec.c", "drivers/net/ethernet/intel/ixgbevf/ixgbevf.h", "drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c", "drivers/net/ethernet/intel/ixgbevf/mbx.h", "drivers/net/ethernet/intel/ixgbevf/vf.c", "drivers/net/ethernet/intel/ixgbevf/vf.h"], "versions": [{"version": "0062e7cc955e0827a88570ed36ea511a7dcb391e", "lessThan": "871ac1cd4ce4804defcb428cbb003fd84c415ff4", "status": "affected", "versionType": "git"}, {"version": "0062e7cc955e0827a88570ed36ea511a7dcb391e", "lessThan": "2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18", "status": "affected", "versionType": "git"}, {"version": "0062e7cc955e0827a88570ed36ea511a7dcb391e", "lessThan": "bf580112ed61736c2645a893413a04732505d4b1", "status": "affected", "versionType": "git"}, {"version": "0062e7cc955e0827a88570ed36ea511a7dcb391e", "lessThan": "a376e29b1b196dc90b50df7e5e3947e3026300c4", "status": "affected", "versionType": "git"}, {"version": "0062e7cc955e0827a88570ed36ea511a7dcb391e", "lessThan": "a7075f501bd33c93570af759b6f4302ef0175168", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ixgbevf/ipsec.c", "drivers/net/ethernet/intel/ixgbevf/ixgbevf.h", "drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c", "drivers/net/ethernet/intel/ixgbevf/mbx.h", "drivers/net/ethernet/intel/ixgbevf/vf.c", "drivers/net/ethernet/intel/ixgbevf/vf.h"], "versions": [{"version": "4.20", "status": "affected"}, {"version": "0", "lessThan": "4.20", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.158", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.114", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.55", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.5", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.1.158"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.6.114"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.12.55"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.17.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.20", "versionEndExcluding": "6.18-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/871ac1cd4ce4804defcb428cbb003fd84c415ff4"}, {"url": "https://git.kernel.org/stable/c/2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18"}, {"url": "https://git.kernel.org/stable/c/bf580112ed61736c2645a893413a04732505d4b1"}, {"url": "https://git.kernel.org/stable/c/a376e29b1b196dc90b50df7e5e3947e3026300c4"}, {"url": "https://git.kernel.org/stable/c/a7075f501bd33c93570af759b6f4302ef0175168"}], "title": "ixgbevf: fix mailbox API compatibility by negotiating supported features", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF & VF drivers is already increased to\n1.6 and doesn't incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future."}], "id": "CVE-2025-40104", "lastModified": "2025-10-30T15:03:13.440", "metrics": {}, "published": "2025-10-30T10:15:34.783", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/871ac1cd4ce4804defcb428cbb003fd84c415ff4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a376e29b1b196dc90b50df7e5e3947e3026300c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a7075f501bd33c93570af759b6f4302ef0175168"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bf580112ed61736c2645a893413a04732505d4b1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ixgbevf: fix mailbox API compatibility by negotiating supported features", "id": "2407348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407348"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-40104", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40104\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40104\nhttps://lore.kernel.org/linux-cve-announce/2025103018-CVE-2025-40104-d5a7@gregkh/T"], "threat_severity": "Important"}

{"created": "2025-10-30T14:37:24.582636+00:00", "updated": "2025-10-30T14:37:24.582671+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}