CVE-2023-53516

Published: Oct 1, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF The previous commit 954d1fa1ac93 ("macvlan: Add netlink attribute for broadcast cutoff") added one additional attribute named IFLA_MACVLAN_BC_CUTOFF to allow broadcast cutfoff. However, it forgot to describe the nla_policy at macvlan_policy (drivers/net/macvlan.c). Hence, this suppose NLA_S32 (4 bytes) integer can be faked as empty (0 bytes) by a malicious user, which could leads to OOB in heap just like CVE-2023-3773. To fix it, this commit just completes the nla_policy description for IFLA_MACVLAN_BC_CUTOFF. This enforces the length check and avoids the potential OOB read.

Vendor	Product	Versions
Linux	Linux	affected `954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348 - < 79f44709aa7a744fbfbadd4aef678443290c6991` affected `954d1fa1ac93aa8a66f7d9a9ba545cf7f020d348 - < 55cef78c244d0d076f5a75a35530ca63c92f4426`
Linux	Linux	affected `6.4` unaffected `0 - < 6.4` unaffected `6.4.8 - <= 6.4.` unaffected `6.5 - <= `

References

https://git.kernel.org/stable/c/79f44709aa7a744fbfbadd4aef678443290c6991

https://git.kernel.org/stable/c/55cef78c244d0d076f5a75a35530ca63c92f4426

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-53516

Description

Affected Products

References