CVE-2025-40104 | ixgbevf: fix mailbox API compatibility by negotiating supported features

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. None of the rest of the Intel 10G PF/VF drivers supports it. And actually lack of support was not included in the IPSec implementation - there were no such code paths. No possibility to negotiate support for the feature was introduced along with introduction of the feature itself. Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") increasing API version to 1.5 did the same - it introduced code supported specifically by the PF ESX driver. It altered API version for the VF driver in the same time not touching the version defined for the PF ixgbe driver. It led to additional discrepancies, as the code provided within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes. The issue was noticed some time ago and mitigated by Jake within the commit d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5"). As a result we have regression for IPsec support and after increasing API to version 1.6 ixgbevf driver stopped to support ESX MBX. To fix this mess add new mailbox op asking PF driver about supported features. Basing on a response determine whether to set support for IPSec and ESX-specific enhanced mailbox. New mailbox op, for compatibility purposes, must be added within new API revision, as API version of OOT PF & VF drivers is already increased to 1.6 and doesn't incorporate features negotiate op. Features negotiation mechanism gives possibility to be extended with new features when needed in the future.

公開: 2025-10-30 最終更新: 2026-06-17 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 ソース: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

総合評価: CVE-2025-40104 は低リスク(5.9/100)。悪用される可能性が高い(EPSS 0.16%、6 パーセンタイル) 推奨対応: 総合リスクは低く緊急対応は不要です。通常の保守サイクルでパッチを適用し、CVSS / EPSS が上昇したら優先度を見直してください。

リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。

CVE-2025-40104 の EPSS(Exploit Prediction Scoring System)スコア

EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。

# 日付 旧 EPSS スコア 新 EPSS スコア Δ(新 − 旧)
1 2026-06-15 0.06% 0.16% +0.11%
2 2026-04-09 0.04% 0.06% +0.01%
3 2026-03-28 0.04%

EPSS の全履歴 (全 5 件)

CVE-2025-40104 の CVSS(Common Vulnerability Scoring System)指標

この CVE の CVSS 指標。

この CVE のデータセットに CVSS はありません。

CVE-2025-40104 の弱点分類(列挙)

CVE-2025-40104 の OS トラッカー

vendor priority summary link
debian not yet assigned CVE-2025-40104 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5, open 1. https://security-tracker.debian.org/tracker/CVE-2025-40104
redhat medium https://access.redhat.com/security/cve/CVE-2025-40104
suse medium CVE-2025-40104 severity moderate: SUSE including 361 source package names (13.2-6.19:libjitterentropy3-3.4.1-3.1, 13.2-6.19:libopenssl3-3.1.4-6.1, …), 650 product×package rows across 114 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (114 product lines)): Fixed 368, Known Affected 231, Known Not Affected 30, First Fixed 21. https://www.suse.com/security/cve/CVE-2025-40104/
ubuntu medium CVE-2025-40104 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 177, released 127, needed 62, not-affected 27, pending 2. https://ubuntu.com/security/CVE-2025-40104

CVE-2025-40104 の影響を受けるソフトウェア/構成

ベンダー 製品 バージョン 生の CPE
linux linux_kernel >= 4.20, < 6.1.158 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.20, < 6.6.114 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.20, < 6.12.55 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.20, < 6.17.5 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 4.20, < 6.18 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVE-2025-40104 の参考情報

cvelogic Threat Intelligence