CVE-2026-53013

Source
https://cve.org/CVERecord?id=CVE-2026-53013
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53013.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53013
Downstream
Published
2026-06-24T16:29:23.856Z
Modified
2026-07-08T08:13:46.666609473Z
Summary
macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
Details

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix macvlangetsize() not reserving space for IFLAMACVLANBC_CUTOFF

macvlangetsize() does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo() conditionally includes it when port->bccutoff != 1. This causes nlaputs32() to fail with -EMSGSIZE when the netlink skb runs out of space, triggering a WARN_ON in rtnetlink and preventing the interface from being dumped.

The bug can be reproduced with:

ip link add macvlan0 link eth0 type macvlan mode bridge ip link set macvlan0 type macvlan bc_cutoff 0 ip -d link show macvlan0 # fails with -EMSGSIZE

The bccutoff feature was added in commit 954d1fa1ac93 ("macvlan: Add netlink attribute for broadcast cutoff"), which added the nlaputs32() call in macvlanfillinfo() but missed adding the corresponding nlatotalsize(4) in macvlangetsize(). A follow-up commit 55cef78c244d ("macvlan: add forgotten nlapolicy for IFLAMACVLANBCCUTOFF") fixed the missing nlapolicy entry but still did not fix the size calculation.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53013.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348
Fixed
4979252758387b338ca968ba7e0515b0ae2257e3
Fixed
77ecfa4e27f282d224215895ddfbeb916fc75e24
Fixed
b6b7154e9f5d75b608ceb2d05b376de8c638c40e
Fixed
1c004f14ccdc11585625c168bb9a7c5e1b8afb0c
Fixed
fa92a77b0ed4d5f11a71665a232ac5a54a4b055d

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53013.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53013.json"