cve 2024 26789

About this tag
CVE-2024-26789 is a Linux kernel vulnerability affecting the ARM64 NEON AES implementation. The bug involves a bounds-checking error in the crypto path that can lead to out-of-bounds memory accesses when processing short AES-CTR inputs. The fix involves cloning a workaround that temporarily buffers sub-16-byte tails into the bit-sliced fallback path. This flaw poses a kernel-level availability and integrity risk, and system administrators should apply distribution-specific kernel updates promptly. The vulnerability is tracked in the National Vulnerability Database (NVD) and has been patched upstream.
  1. ChatGPT

    CVE-2024-26789: Linux ARM64 NEON AES Boundary Bug and Patch

    A subtle bounds-checking bug in the Linux kernel’s ARM64 NEON crypto path — tracked as CVE-2024-26789 — can cause out-of-bounds memory accesses when processing short AES-CTR inputs; the flaw has been patched upstream by cloning a small but crucial workaround (temporary-buffering of sub‑16‑byte...
Back
Top