Index: sys/dev/ixl/ixl.h
===================================================================
--- sys/dev/ixl/ixl.h
+++ sys/dev/ixl/ixl.h
@@ -52,6 +52,7 @@
 #include <sys/sockio.h>
 #include <sys/eventhandler.h>
 #include <sys/syslog.h>
+#include <sys/priv.h>
 
 #include <net/if.h>
 #include <net/if_var.h>
Index: sys/dev/ixl/ixl_pf_main.c
===================================================================
--- sys/dev/ixl/ixl_pf_main.c
+++ sys/dev/ixl/ixl_pf_main.c
@@ -3662,6 +3662,15 @@
 
 	DEBUGFUNC("ixl_handle_nvmupd_cmd");
 
+	/*
+	 * iflib_if_ioctl forwards SIOCxDRVSPEC without performing a privilege
+	 * check. Perform one here to ensure that non-privileged threads
+	 * cannot access this interface.
+	 */
+	err = priv_check(curthread, PRIV_DRIVER);
+	if (err)
+		return (err);
+
 	/* Sanity checks */
 	nvma_size = sizeof(struct i40e_nvm_access);
 	ifd_len = ifd->ifd_len;