PT-2026-52306 · Linux · Linux
Published: 2026-06-25 · Updated: 2026-06-25
CVE-2026-53211
Severity: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_meta_bridge: fix stale stack leak via IIFHWADDR register

NFT_META_BRI_IIFHWADDR declares its destination register with
len = ETH_ALEN (6 bytes), which the register-init tracking rounds up to
two 32-bit registers (8 bytes). nft_meta_bridge_get_eval() then does
memcpy(dest, br_dev->dev_addr, ETH_ALEN), writing only 6 bytes and
leaving the upper 2 bytes of the second register as uninitialised
nft_do_chain() stack. A downstream load of that register span leaks
those stale bytes to userspace.

Zero the second register before the memcpy so the full declared span is
written.
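
The 6-byte store into an 8-byte register span can be modelled in user space. This is an added example, not kernel code and not the upstream patch. The names regs_for_len, eval_before_fix, eval_after_fix and stale_bytes_after, the 0xA5 marker byte and the sample MAC address are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN   6     /* Ethernet address length, as stated on the page */
#define REG32_SIZE 4     /* size of one 32-bit register */
#define STALE      0xA5  /* constructed marker standing in for old stack bytes */

/* Number of 32-bit registers reserved for a len-byte destination. */
static size_t regs_for_len(size_t len)
{
    return (len + REG32_SIZE - 1) / REG32_SIZE;
}

/* Model of the store before the fix: only 6 of the 8 bytes are written. */
static void eval_before_fix(uint32_t *dest, const uint8_t *hwaddr)
{
    memcpy(dest, hwaddr, ETH_ALEN);
}

/* Model of the fix: zero the second register, then copy the address. */
static void eval_after_fix(uint32_t *dest, const uint8_t *hwaddr)
{
    dest[1] = 0;
    memcpy(dest, hwaddr, ETH_ALEN);
}

/* Model a downstream load of the whole declared span and count marker
 * bytes that survived the store, i.e. bytes a reader would see unchanged. */
static size_t stale_bytes_after(void (*eval)(uint32_t *, const uint8_t *))
{
    static const uint8_t hwaddr[ETH_ALEN] = {0x02, 0x00, 0x00, 0x11, 0x22, 0x33};
    uint32_t regs[2];
    uint8_t out[sizeof(regs)];
    size_t i, stale = 0;

    memset(regs, STALE, sizeof(regs));  /* stand-in for uninitialised stack */
    eval(regs, hwaddr);
    memcpy(out, regs, regs_for_len(ETH_ALEN) * REG32_SIZE);
    for (i = ETH_ALEN; i < sizeof(out); i++)
        stale += (out[i] == STALE);
    return stale;
}

int main(void)
{
    printf("stale bytes before fix: %zu, after fix: %zu\n",
           stale_bytes_after(eval_before_fix), stale_bytes_after(eval_after_fix));
    return 0;
}
```
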
Affected Products
Linux