CVE-2026-53013
Received Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF macvlan_get_size() does not account for IFLA_MACVLAN_BC_CUTOFF, but macvlan_fill_info() conditionally includes it when port->bc_cutoff != 1. This causes nla_put_s32() to fail with -EMSGSIZE when the netlink skb runs out of space, triggering a WARN_ON in rtnetlink and preventing the interface from being dumped. The bug can be reproduced with: ip link add macvlan0 link eth0 type macvlan mode bridge ip link set macvlan0 type macvlan bc_cutoff 0 ip -d link show macvlan0 # fails with -EMSGSIZE The bc_cutoff feature was added in commit 954d1fa1ac93 ("macvlan: Add netlink attribute for broadcast cutoff"), which added the nla_put_s32() call in macvlan_fill_info() but missed adding the corresponding nla_total_size(4) in macvlan_get_size(). A follow-up commit 55cef78c244d ("macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF") fixed the missing nla_policy entry but still did not fix the size calculation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-53013
EUVD
EUVD-2026-38881
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux linux_kernel to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's macvlan network driver. Specifically, the function macvlan_get_size() does not reserve enough space for the IFLA_MACVLAN_BC_CUTOFF attribute, even though macvlan_fill_info() conditionally includes this attribute when the broadcast cutoff feature is enabled (port->bc_cutoff != 1).

Because of this mismatch, the nla_put_s32() function fails with an -EMSGSIZE error when the netlink socket buffer runs out of space. This failure triggers a WARN_ON warning in rtnetlink and prevents the network interface information from being properly dumped or displayed.

The issue was introduced when the bc_cutoff feature was added, where the size calculation did not account for the new attribute, and although a later commit fixed the policy for the attribute, it did not fix the size reservation problem.

Impact Analysis

This vulnerability can cause failures when attempting to display or dump macvlan network interface information using netlink tools. Specifically, commands like 'ip -d link show macvlan0' may fail with an -EMSGSIZE error.

The failure to properly dump interface information can hinder network management and troubleshooting, potentially causing inconvenience or delays in network operations.

However, there is no indication that this vulnerability leads to privilege escalation, data corruption, or remote code execution.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the issue using specific ip commands related to macvlan interfaces.

  • Run the command: ip link add macvlan0 link eth0 type macvlan mode bridge
  • Set the bc_cutoff attribute with: ip link set macvlan0 type macvlan bc_cutoff 0
  • Attempt to display the macvlan interface details with: ip -d link show macvlan0

If the vulnerability is present, the last command will fail with an -EMSGSIZE error and trigger a WARN_ON in rtnetlink, preventing the interface from being dumped.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53013. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart