ixgbevf: add missing negotiate_features op to Hyper-V ops table
Summary
| CVE | CVE-2026-43094 |
|---|
| State | PUBLISHED |
|---|
| Assigner | Linux |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2026-05-06 10:16:22 UTC |
|---|
| Updated | 2026-05-06 13:08:07 UTC |
|---|
| Description | In the Linux kernel, the following vulnerability has been resolved:
ixgbevf: add missing negotiate_features op to Hyper-V ops table
Commit a7075f501bd3 ("ixgbevf: fix mailbox API compatibility by
negotiating supported features") added the .negotiate_features callback
to ixgbe_mac_operations and populated it in ixgbevf_mac_ops, but forgot
to add it to ixgbevf_hv_mac_ops. This leaves the function pointer NULL
on Hyper-V VMs.
During probe, ixgbevf_negotiate_api() calls ixgbevf_set_features(),
which unconditionally dereferences hw->mac.ops.negotiate_features().
On Hyper-V this results in a NULL pointer dereference:
BUG: kernel NULL pointer dereference, address: 0000000000000000
[...]
Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine [...]
Workqueue: events work_for_cpu_fn
RIP: 0010:0x0
[...]
Call Trace:
ixgbevf_negotiate_api+0x66/0x160 [ixgbevf]
ixgbevf_sw_init+0xe4/0x1f0 [ixgbevf]
ixgbevf_probe+0x20f/0x4a0 [ixgbevf]
local_pci_probe+0x50/0xa0
work_for_cpu_fn+0x1a/0x30
[...]
Add ixgbevf_hv_negotiate_features_vf() that returns -EOPNOTSUPP and
wire it into ixgbevf_hv_mac_ops. The caller already handles -EOPNOTSUPP
gracefully. |
|---|
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|
| CNA |
Linux |
Linux |
affected 2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18 d8a747057a17ffc79e31df1abb11d05e1669d8e5 git |
Not specified |
| CNA |
Linux |
Linux |
affected bf580112ed61736c2645a893413a04732505d4b1 2270ebab53128fb73c4a70a292be09094074737f git |
Not specified |
| CNA |
Linux |
Linux |
affected a7075f501bd33c93570af759b6f4302ef0175168 4db7b61ec1d1b2b67c0881b62fc4f9583bc21484 git |
Not specified |
| CNA |
Linux |
Linux |
affected a7075f501bd33c93570af759b6f4302ef0175168 1455ff8809843e6e83f1f5b5c0bcc2224c99a3cb git |
Not specified |
| CNA |
Linux |
Linux |
affected a7075f501bd33c93570af759b6f4302ef0175168 4821d563cd7f251ae728be1a6d04af82a294a5b9 git |
Not specified |
| CNA |
Linux |
Linux |
affected 871ac1cd4ce4804defcb428cbb003fd84c415ff4 git |
Not specified |
| CNA |
Linux |
Linux |
affected a376e29b1b196dc90b50df7e5e3947e3026300c4 git |
Not specified |
| CNA |
Linux |
Linux |
affected 6.18 |
Not specified |
| CNA |
Linux |
Linux |
unaffected 6.18 semver |
Not specified |
| CNA |
Linux |
Linux |
unaffected 6.6.136 6.6.* semver |
Not specified |
| CNA |
Linux |
Linux |
unaffected 6.12.83 6.12.* semver |
Not specified |
| CNA |
Linux |
Linux |
unaffected 6.18.24 6.18.* semver |
Not specified |
| CNA |
Linux |
Linux |
unaffected 6.19.14 6.19.* semver |
Not specified |
| CNA |
Linux |
Linux |
unaffected 7.0 * original_commit_for_fix |
Not specified |
References
| Reference | Source | Link | Tags |
|---|
| git.kernel.org/stable/c/1455ff8809843e6e83f1f5b5c0bcc2224c99a3cb |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
git.kernel.org |
|
| git.kernel.org/stable/c/4821d563cd7f251ae728be1a6d04af82a294a5b9 |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
git.kernel.org |
|
| git.kernel.org/stable/c/2270ebab53128fb73c4a70a292be09094074737f |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
git.kernel.org |
|
| git.kernel.org/stable/c/d8a747057a17ffc79e31df1abb11d05e1669d8e5 |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
git.kernel.org |
|
| git.kernel.org/stable/c/4db7b61ec1d1b2b67c0881b62fc4f9583bc21484 |
416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
git.kernel.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.
