Impact
The Linux kernel routine that calculates the netlink message size for a macvlan interface fails to reserve space for the IFLA_MACVLAN_BC_CUTOFF attribute. When a macvlan interface is queried with bc_cutoff set to 0, the missing attribute is added during message construction, causing nla_put_s32 to return -EMSGSIZE. This triggers a WARN_ON in rtnetlink and prevents the kernel from dumping the interface information, breaking management tools that rely on retrieving interface details. The flaw does not provide arbitrary code execution but disrupts normal operation of macvlan interfaces, effectively denying access to interface metadata.
Affected Systems
The bug resides in the Linux kernel itself, affecting all distributions that ship a kernel version containing the unpatched code path. The problematic code was introduced with the addition of the bc_cutoff netlink attribute in newer kernel releases and was corrected by later patches. Consequently, any system running a kernel before the fix that uses macvlan interfaces with the bc_cutoff attribute may be impacted.
Risk and Exploitability
The CVSS score for this vulnerability is 5.5, indicating moderate severity. The EPSS score is <1%, suggesting a low probability of exploitation. The issue is not listed in CISA’s KEV catalog, implying no known widespread exploitation. Based on the description, it is inferred that an attacker with local privileges (CAP_NET_ADMIN or root) would need to send a netlink request that sets bc_cutoff to 0 while querying a macvlan interface. The missing size calculation leads to an -EMSGSIZE error in nla_put_s32, triggering a WARN_ON in rtnetlink and preventing the interface from being dumped, resulting in a denial of service that blocks retrieval of macvlan interface details.
OpenCVE Enrichment