Linux Kernel Vulnerability in Intel 10G Adapters Mailbox API
CVE-2025-40104

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-40104?

A vulnerability exists in the Linux kernel's handling of mailbox API for Intel's 10G adapters, particularly affecting the ixgbevf driver. Backward compatibility issues arose from the introduction of API version 1.4, which added specific features like IPSec support that were not compatible with other Intel 10G drivers. The subsequent updates to the mailbox communication between Physical Function (PF) and Virtual Function (VF) drivers exacerbated the issue by failing to provide necessary feature negotiation capabilities, compromising system stability. The latest fixes aim to reintroduce a mechanism for negotiating supported features within new API revisions, enabling better compatibility and future feature extensions.

Affected Version(s)

Linux 0062e7cc955e0827a88570ed36ea511a7dcb391e < 871ac1cd4ce4804defcb428cbb003fd84c415ff4

Linux 0062e7cc955e0827a88570ed36ea511a7dcb391e < 2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18

Linux 0062e7cc955e0827a88570ed36ea511a7dcb391e

References

https://git.kernel.org/stable/c/871ac1cd4ce4804defcb428cb...

https://git.kernel.org/stable/c/2e0aab9ddaf1428602c78f120...

https://git.kernel.org/stable/c/bf580112ed61736c2645a8934...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Apr 16, 2025

JSON