Message-ID: <2025103018-CVE-2025-40104-d5a7@gregkh>
Date: Thu, 30 Oct 2025 10:48:31 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-40104: ixgbevf: fix mailbox API compatibility by negotiating supported features

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ixgbevf: fix mailbox API compatibility by negotiating supported features

There was backward compatibility in terms of the mailbox API. Various
drivers from various OSes supporting 10G adapters from the Intel portfolio
could easily negotiate the mailbox API.

This convention has been broken since the introduction of API 1.4.
Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support
for IPSec, which is specific only to the kernel ixgbe driver. None of the
rest of the Intel 10G PF/VF drivers supports it. And actually the lack of
support was not included in the IPSec implementation - there were no such
code paths. No possibility to negotiate support for the feature was
introduced along with the introduction of the feature itself.

Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication
between PF and VF"), increasing the API version to 1.5, did the same - it
introduced code supported specifically by the PF ESX driver. It altered the
API version for the VF driver while at the same time not touching the
version defined for the PF ixgbe driver. It led to additional discrepancies,
as the code provided within API 1.6 cannot be supported for the Linux ixgbe
driver as it causes crashes.

The issue was noticed some time ago and mitigated by Jake within commit
d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5").
As a result we have a regression for IPsec support, and after increasing
the API to version 1.6 the ixgbevf driver stopped supporting ESX MBX.

To fix this mess, add a new mailbox op asking the PF driver about supported
features. Based on the response, determine whether to set support for IPSec
and the ESX-specific enhanced mailbox.

The new mailbox op, for compatibility purposes, must be added within a new
API revision, as the API version of OOT PF & VF drivers is already increased
to 1.6 and doesn't incorporate the features negotiate op.

The features negotiation mechanism can be extended with new features when
needed in the future.

The Linux kernel CVE team has assigned CVE-2025-40104 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.20 with commit 0062e7cc955e0827a88570ed36ea511a7dcb391e and fixed in 6.1.158 with commit 871ac1cd4ce4804defcb428cbb003fd84c415ff4
	Issue introduced in 4.20 with commit 0062e7cc955e0827a88570ed36ea511a7dcb391e and fixed in 6.6.114 with commit 2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18
	Issue introduced in 4.20 with commit 0062e7cc955e0827a88570ed36ea511a7dcb391e and fixed in 6.12.55 with commit bf580112ed61736c2645a893413a04732505d4b1
	Issue introduced in 4.20 with commit 0062e7cc955e0827a88570ed36ea511a7dcb391e and fixed in 6.17.5 with commit a376e29b1b196dc90b50df7e5e3947e3026300c4
	Issue introduced in 4.20 with commit 0062e7cc955e0827a88570ed36ea511a7dcb391e and fixed in 6.18-rc2 with commit a7075f501bd33c93570af759b6f4302ef0175168

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-40104
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/net/ethernet/intel/ixgbevf/ipsec.c
	drivers/net/ethernet/intel/ixgbevf/ixgbevf.h
	drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
	drivers/net/ethernet/intel/ixgbevf/mbx.h
	drivers/net/ethernet/intel/ixgbevf/vf.c
	drivers/net/ethernet/intel/ixgbevf/vf.h


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/871ac1cd4ce4804defcb428cbb003fd84c415ff4
	https://git.kernel.org/stable/c/2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18
	https://git.kernel.org/stable/c/bf580112ed61736c2645a893413a04732505d4b1
	https://git.kernel.org/stable/c/a376e29b1b196dc90b50df7e5e3947e3026300c4
	https://git.kernel.org/stable/c/a7075f501bd33c93570af759b6f4302ef0175168
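
Added example, not part of the announcement or of the kernel project: a triage helper that classifies an upstream kernel release string against the "Affected and fixed versions" list above. It assumes the string is an upstream version (distribution kernels backport fixes and need the vendor's advisory), and the result only matters on guests that load the ixgbevf driver.

```python
import re

# Values copied from the "Affected and fixed versions" section above.
INTRODUCED = (4, 20)
# stable series -> first point release in that series carrying the fix
FIXED_IN = {(6, 1): 158, (6, 6): 114, (6, 12): 55, (6, 17): 5}
MAINLINE_FIX = (6, 18)  # mainline fix landed in 6.18-rc2


def parse_release(release):
    """Split an upstream release string into (major, minor, patch, rc)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else None
    return major, minor, patch, rc


def status(release):
    """Classify a release as not affected, affected, or fixed."""
    major, minor, patch, rc = parse_release(release)
    series = (major, minor)
    if series < INTRODUCED:
        return "not affected"
    if series in FIXED_IN:
        return "fixed" if patch >= FIXED_IN[series] else "affected"
    if series > MAINLINE_FIX:
        return "fixed"
    if series == MAINLINE_FIX:
        # 6.18-rc1 predates the fix; rc2 and later releases carry it.
        return "affected" if rc == 1 else "fixed"
    # Series between 4.20 and 6.18 with no fixed release in the list above.
    return "affected (no fix listed for this series)"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for rel in ("4.19.300", "5.15.190", "6.6.113", "6.6.114", "6.18-rc1"):
        print(f"{rel:10s} {status(rel)}")
```

The fixed-version table is a snapshot of this announcement; the CVE record linked above is updated when fixes are backported to further series.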
