Incorrect Calculation of Buffer Size in Linux kernel - CVE-2026-53013

 

Incorrect Calculation of Buffer Size in Linux kernel - CVE-2026-53013

Published: June 25, 2026


Vulnerability identifier: #VU135358
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53013
CWE-ID: CWE-131
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper calculation of buffer size in macvlan_get_size() when dumping macvlan interface information over netlink. A local user can configure the bc_cutoff attribute and request detailed link information to cause a denial of service.

The issue is triggered when the broadcast cutoff value is not equal to 1, causing the netlink message buffer to run out of space and the interface dump to fail with -EMSGSIZE.


How to mitigate CVE-2026-53013

Install security update from vendor's repository.

Sources