CVE-2026-53013
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF macvlan_get_size() does not account for IFLA_MACVLAN_BC_CUTOFF, but macvlan_fill_info() conditionally includes it when port->bc_cutoff != 1. This causes nla_put_s32() to fail with -EMSGSIZE when the netlink skb runs out of space, triggering a WARN_ON in rtnetlink and preventing the interface from being dumped. The bug can be reproduced with: ip link add macvlan0 link eth0 type macvlan mode bridge ip link set macvlan0 type macvlan bc_cutoff 0 ip -d link show macvlan0 # fails with -EMSGSIZE The bc_cutoff feature was added in commit 954d1fa1ac93 ("macvlan: Add netlink attribute for broadcast cutoff"), which added the nla_put_s32() call in macvlan_fill_info() but missed adding the corresponding nla_total_size(4) in macvlan_get_size(). A follow-up commit 55cef78c244d ("macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF") fixed the missing nla_policy entry but still did not fix the size calculation.
Affected versions
Linux kernel versions
6.4
and later are affected. Fixed in
6.6.141,
6.12.91,
6.18.33,
7.0.10,
7.1
and their respective stable series.
References
5 totalFrequently asked questions
-
What is CVE-2026-53013?
CVE-2026-53013 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.4 onward and has been patched in 6.6.141, 6.12.91, 6.18.33 and others. CVE-2026-53013 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53013?
Yes — CVE-2026-53013 has been patched. Fixed versions include 6.6.141, 6.12.91, 6.18.33 and others. If you are running Linux kernel 6.4 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53013 actively exploited?
No — CVE-2026-53013 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.