5.5

CVE-2026-43094

ixgbevf: add missing negotiate_features op to Hyper-V ops table

In the Linux kernel, the following vulnerability has been resolved:

ixgbevf: add missing negotiate_features op to Hyper-V ops table

Commit a7075f501bd3 ("ixgbevf: fix mailbox API compatibility by
negotiating supported features") added the .negotiate_features callback
to ixgbe_mac_operations and populated it in ixgbevf_mac_ops, but forgot
to add it to ixgbevf_hv_mac_ops. This leaves the function pointer NULL
on Hyper-V VMs.

During probe, ixgbevf_negotiate_api() calls ixgbevf_set_features(),
which unconditionally dereferences hw->mac.ops.negotiate_features().
On Hyper-V this results in a NULL pointer dereference:

  BUG: kernel NULL pointer dereference, address: 0000000000000000
  [...]
  Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine [...]
  Workqueue: events work_for_cpu_fn
  RIP: 0010:0x0
  [...]
  Call Trace:
   ixgbevf_negotiate_api+0x66/0x160 [ixgbevf]
   ixgbevf_sw_init+0xe4/0x1f0 [ixgbevf]
   ixgbevf_probe+0x20f/0x4a0 [ixgbevf]
   local_pci_probe+0x50/0xa0
   work_for_cpu_fn+0x1a/0x30
   [...]

Add ixgbevf_hv_negotiate_features_vf() that returns -EOPNOTSUPP and
wire it into ixgbevf_hv_mac_ops. The caller already handles -EOPNOTSUPP
gracefully.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1.158 < 6.2
LinuxLinux Kernel Version >= 6.6.114 < 6.6.136
LinuxLinux Kernel Version >= 6.12.55 < 6.12.83
LinuxLinux Kernel Version >= 6.17.5 < 6.18
LinuxLinux Kernel Version >= 6.18.1 < 6.18.24
LinuxLinux Kernel Version >= 6.19 < 6.19.14
LinuxLinux Kernel Version6.18 Update-
LinuxLinux Kernel Version6.18 Updaterc2
LinuxLinux Kernel Version6.18 Updaterc3
LinuxLinux Kernel Version6.18 Updaterc4
LinuxLinux Kernel Version6.18 Updaterc5
LinuxLinux Kernel Version6.18 Updaterc6
LinuxLinux Kernel Version6.18 Updaterc7
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/d8a747057a17ffc79e31df1abb11d05e1669d8e5
Patch
https://git.kernel.org/stable/c/2270ebab53128fb73c4a70a292be09094074737f
Patch
https://git.kernel.org/stable/c/4db7b61ec1d1b2b67c0881b62fc4f9583bc21484
Patch
https://git.kernel.org/stable/c/1455ff8809843e6e83f1f5b5c0bcc2224c99a3cb
Patch
https://git.kernel.org/stable/c/4821d563cd7f251ae728be1a6d04af82a294a5b9
Patch
https://git.kernel.org/stable/c/376d74ea03589914fbe2dedcbebf418396c04fd0