Incorrect Calculation of Buffer Size in Linux kernel - CVE-2026-53013
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper calculation of buffer size in macvlan_get_size() when dumping macvlan interface information over netlink. A local user can configure the bc_cutoff attribute and request detailed link information to cause a denial of service.
The issue is triggered when the broadcast cutoff value is not equal to 1, causing the netlink message buffer to run out of space and the interface dump to fail with -EMSGSIZE.
How to mitigate CVE-2026-53013
Sources
- https://git.kernel.org/stable/c/1c004f14ccdc11585625c168bb9a7c5e1b8afb0c
- https://git.kernel.org/stable/c/4979252758387b338ca968ba7e0515b0ae2257e3
- https://git.kernel.org/stable/c/77ecfa4e27f282d224215895ddfbeb916fc75e24
- https://git.kernel.org/stable/c/b6b7154e9f5d75b608ceb2d05b376de8c638c40e
- https://git.kernel.org/stable/c/fa92a77b0ed4d5f11a71665a232ac5a54a4b055d