SB20260625166 - Incorrect Calculation of Buffer Size in Linux kernel net driver
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2026-53013)
CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper calculation of buffer size in macvlan_get_size() when dumping macvlan interface information over netlink. A local user can configure the bc_cutoff attribute and request detailed link information to cause a denial of service.
The issue is triggered when the broadcast cutoff value is not equal to 1, causing the netlink message buffer to run out of space and the interface dump to fail with -EMSGSIZE.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1c004f14ccdc11585625c168bb9a7c5e1b8afb0c
- https://git.kernel.org/stable/c/4979252758387b338ca968ba7e0515b0ae2257e3
- https://git.kernel.org/stable/c/77ecfa4e27f282d224215895ddfbeb916fc75e24
- https://git.kernel.org/stable/c/b6b7154e9f5d75b608ceb2d05b376de8c638c40e
- https://git.kernel.org/stable/c/fa92a77b0ed4d5f11a71665a232ac5a54a4b055d