CVE-2023-53516

01.10.2025, 12:15

In the Linux kernel, the following vulnerability has been resolved:

macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF

The previous commit 954d1fa1ac93 ("macvlan: Add netlink attribute for
broadcast cutoff") added one additional attribute named
IFLA_MACVLAN_BC_CUTOFF to allow broadcast cutfoff.

However, it forgot to describe the nla_policy at macvlan_policy
(drivers/net/macvlan.c). Hence, this suppose NLA_S32 (4 bytes) integer
can be faked as empty (0 bytes) by a malicious user, which could leads
to OOB in heap just like CVE-2023-3773.

To fix it, this commit just completes the nla_policy description for
IFLA_MACVLAN_BC_CUTOFF. This enforces the length check and avoids the
potential OOB read.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
bookworm	6.1.148-1 not-affected
bullseye (security)	5.10.237-1 fixed
bookworm (security)	6.1.153-1 fixed
trixie	6.12.43-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.16.8-1 fixed
sid	6.16.9-1 fixed

References

https://git.kernel.org/stable/c/55cef78c244d0d076f5a75a35530ca63c92f4426

https://git.kernel.org/stable/c/79f44709aa7a744fbfbadd4aef678443290c6991