Home

Description

In the Linux kernel, the following vulnerability has been resolved: macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF The previous commit 954d1fa1ac93 ("macvlan: Add netlink attribute for broadcast cutoff") added one additional attribute named IFLA_MACVLAN_BC_CUTOFF to allow broadcast cutfoff. However, it forgot to describe the nla_policy at macvlan_policy (drivers/net/macvlan.c). Hence, this suppose NLA_S32 (4 bytes) integer can be faked as empty (0 bytes) by a malicious user, which could leads to OOB in heap just like CVE-2023-3773. To fix it, this commit just completes the nla_policy description for IFLA_MACVLAN_BC_CUTOFF. This enforces the length check and avoids the potential OOB read.

PUBLISHED Reserved 2025-10-01 | Published 2025-10-01 | Updated 2025-10-01 | Assigner Linux

Product status

Default status
unaffected

954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348 before 79f44709aa7a744fbfbadd4aef678443290c6991
affected

954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348 before 55cef78c244d0d076f5a75a35530ca63c92f4426
affected

Default status
affected

6.4
affected

Any version before 6.4
unaffected

6.4.8
unaffected

6.5
unaffected

References

git.kernel.org/...c/79f44709aa7a744fbfbadd4aef678443290c6991

git.kernel.org/...c/55cef78c244d0d076f5a75a35530ca63c92f4426

cve.org (CVE-2023-53516)

nvd.nist.gov (CVE-2023-53516)

Download JSON