SB20260625166 - Incorrect Calculation of Buffer Size in Linux kernel net driver



SB20260625166 - Incorrect Calculation of Buffer Size in Linux kernel net driver

Published: June 25, 2026

Security Bulletin ID SB20260625166
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2026-53013)

CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper calculation of buffer size in macvlan_get_size() when dumping macvlan interface information over netlink. A local user can configure the bc_cutoff attribute and request detailed link information to cause a denial of service.

The issue is triggered when the broadcast cutoff value is not equal to 1, causing the netlink message buffer to run out of space and the interface dump to fail with -EMSGSIZE.


Remediation

Install update from vendor's website.