CVE-2025-40104: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-40104 is a vulnerability in the Linux kernel affecting the ixgbevf driver's mailbox API compatibility. The vulnerability was discovered and disclosed on October 30, 2025. The issue specifically affects various drivers from different operating systems supporting 10G adapters from Intel's portfolio (NVD, Debian Tracker).

The vulnerability stems from broken backward compatibility in the mailbox API introduced with API version 1.4. The issue involves multiple components, including IPSec support added in version 1.4 and new mailbox communication between PF and VF in version 1.5. The vulnerability has received a CVSS 3.1 base score of 7.0 with vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating high severity with local access required (Red Hat XML).

The vulnerability causes crashes in the Linux ixgbe driver when using API 1.6 and results in regression for IPsec support. Additionally, after increasing API to version 1.6, the ixgbevf driver stopped supporting ESX MBX, affecting the overall functionality of the network adapter drivers (NVD).

A fix has been implemented by adding a new mailbox operation that asks the PF driver about supported features. The solution determines whether to set support for IPSec and ESX-specific enhanced mailbox based on the response. The fix has been incorporated into version 6.17.6-1 of the Linux kernel (Debian Tracker).