CVE-2026-43094

In the Linux kernel, the following vulnerability has been resolved:

ixgbevf: add missing negotiate features op to Hyper-V ops table

Commit a7075f501bd3 ("ixgbevf: fix mailbox API compatibility by negotiating supported features") added the .negotiate features callback to ixgbe mac operations and populated it in ixgbevf mac ops, but forgot to add it to ixgbevf hv mac ops. This leaves the function pointer NULL on Hyper-V VMs.

During probe, ixgbevf negotiate api() calls ixgbevf set features(), which unconditionally dereferences hw->mac.ops.negotiate features(). On Hyper-V this results in a NULL pointer dereference:

BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine [...] Workqueue: events work for cpu fn RIP: 0010:0x0 [...] Call Trace: ixgbevf negotiate api+0x66/0x160 [ixgbevf] ixgbevf sw init+0xe4/0x1f0 [ixgbevf] ixgbevf probe+0x20f/0x4a0 [ixgbevf] local pci probe+0x50/0xa0 work for cpu fn+0x1a/0x30 [...]

Add ixgbevf hv negotiate features vf() that returns -EOPNOTSUPP and wire it into ixgbevf hv mac ops. The caller already handles -EOPNOTSUPP gracefully.