PT-2026-51907 · Linux · Linux
Published: 2026-06-24 · Updated: 2026-06-24 · CVE-2026-53013
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
macvlan_get_size() does not account for IFLA_MACVLAN_BC_CUTOFF, but
macvlan_fill_info() conditionally includes it when port->bc_cutoff != 1.
This causes nla_put_s32() to fail with -EMSGSIZE when the netlink skb
runs out of space, triggering a WARN_ON in rtnetlink and preventing the
interface from being dumped.
The bug can be reproduced with:
    ip link add macvlan0 link eth0 type macvlan mode bridge
    ip link set macvlan0 type macvlan bc cutoff 0
    ip -d link show macvlan0 # fails with -EMSGSIZE
The bc_cutoff feature was added in commit 954d1fa1ac93 ("macvlan: Add
netlink attribute for broadcast cutoff"), which added the nla_put_s32()
call in macvlan_fill_info() but missed adding the corresponding
nla_total_size(4) in macvlan_get_size(). A follow-up commit
55cef78c244d ("macvlan: add forgotten nla_policy for
IFLA_MACVLAN_BC_CUTOFF") fixed the missing nla_policy entry but still
did not fix the size calculation.
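A simplified userspace model of the size mismatch described above, added here as an illustration; it is not the kernel's code or the fix itself. The attribute numbers, `struct msg`, `put_attr`, `model_get_size`, `model_fill_info` and `dump` are constructed names, and the buffer is assumed to be reserved at exactly the estimated size.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NLA_HDRLEN 4                      /* attribute header: u16 len, u16 type */
#define NLA_ALIGN(len) (((len) + 3) & ~3)
/* Userspace model of the kernel helper with the same name. */
static int nla_total_size(int payload) { return NLA_ALIGN(NLA_HDRLEN + payload); }
struct msg { unsigned char buf[64]; int len, cap; };  /* stand-in for the skb */
/* Model of nla_put_*(): refuses to write past the reserved space. */
static int put_attr(struct msg *m, uint16_t type, const void *data, int plen)
{
    uint16_t hdr[2] = { (uint16_t)(NLA_HDRLEN + plen), type };
    if (m->cap - m->len < nla_total_size(plen))
        return -EMSGSIZE;
    memcpy(m->buf + m->len, hdr, NLA_HDRLEN);
    memcpy(m->buf + m->len + NLA_HDRLEN, data, plen);
    m->len += nla_total_size(plen);
    return 0;
}

/* Size estimate: count_cutoff=0 models the bug, 1 the corrected accounting. */
static int model_get_size(int count_cutoff)
{
    return nla_total_size(4)                        /* constructed attr 1, u32 */
         + nla_total_size(2)                        /* constructed attr 2, u16 */
         + (count_cutoff ? nla_total_size(4) : 0);  /* cutoff attribute, s32 */
}

/* Fill step: emits the cutoff attribute only when bc_cutoff != 1. */
static int model_fill_info(struct msg *m, int32_t bc_cutoff)
{
    uint32_t mode = 4; uint16_t flags = 0;          /* constructed sample values */
    if (put_attr(m, 1, &mode, sizeof(mode)) || put_attr(m, 2, &flags, sizeof(flags)))
        return -EMSGSIZE;
    return bc_cutoff != 1 ? put_attr(m, 3, &bc_cutoff, sizeof(bc_cutoff)) : 0;
}

/* Reserve exactly what the estimate says, then fill: returns 0 or -EMSGSIZE. */
static int dump(int count_cutoff, int32_t bc_cutoff)
{
    struct msg m = { .cap = model_get_size(count_cutoff) };
    return model_fill_info(&m, bc_cutoff);
}
int main(void)
{
    printf("buggy: %d, fixed: %d\n", dump(0, 0), dump(1, 0));
    return 0;
}
```

With the default value of 1 the attribute is never emitted, so the short estimate goes unnoticed until the cutoff is changed.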
Affected Products
Linux