-

CVE-2026-53013

macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF

macvlan_get_size() does not account for IFLA_MACVLAN_BC_CUTOFF, but
macvlan_fill_info() conditionally includes it when port->bc_cutoff != 1.
This causes nla_put_s32() to fail with -EMSGSIZE when the netlink skb
runs out of space, triggering a WARN_ON in rtnetlink and preventing the
interface from being dumped.

The bug can be reproduced with:

  ip link add macvlan0 link eth0 type macvlan mode bridge
  ip link set macvlan0 type macvlan bc_cutoff 0
  ip -d link show macvlan0   # fails with -EMSGSIZE

The bc_cutoff feature was added in commit 954d1fa1ac93 ("macvlan: Add
netlink attribute for broadcast cutoff"), which added the nla_put_s32()
call in macvlan_fill_info() but missed adding the corresponding
nla_total_size(4) in macvlan_get_size(). A follow-up commit
55cef78c244d ("macvlan: add forgotten nla_policy for
IFLA_MACVLAN_BC_CUTOFF") fixed the missing nla_policy entry but still
did not fix the size calculation.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348
Version < 4979252758387b338ca968ba7e0515b0ae2257e3
Status affected
Version 954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348
Version < 77ecfa4e27f282d224215895ddfbeb916fc75e24
Status affected
Version 954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348
Version < b6b7154e9f5d75b608ceb2d05b376de8c638c40e
Status affected
Version 954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348
Version < 1c004f14ccdc11585625c168bb9a7c5e1b8afb0c
Status affected
Version 954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348
Version < fa92a77b0ed4d5f11a71665a232ac5a54a4b055d
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.4
Status affected
Version 0
Version < 6.4
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.063
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/4979252758387b338ca968ba7e0515b0ae2257e3
https://git.kernel.org/stable/c/77ecfa4e27f282d224215895ddfbeb916fc75e24
https://git.kernel.org/stable/c/b6b7154e9f5d75b608ceb2d05b376de8c638c40e
https://git.kernel.org/stable/c/1c004f14ccdc11585625c168bb9a7c5e1b8afb0c
https://git.kernel.org/stable/c/fa92a77b0ed4d5f11a71665a232ac5a54a4b055d