You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 26789
About this tag
CVE-2024-26789 is a Linux kernel vulnerability affecting the ARM64 NEON AES implementation. The bug involves a bounds-checking error in the crypto path that can lead to out-of-bounds memory accesses when processing short AES-CTR inputs. The fix involves cloning a workaround that temporarily buffers sub-16-byte tails into the bit-sliced fallback path. This flaw poses a kernel-level availability and integrity risk, and system administrators should apply distribution-specific kernel updates promptly. The vulnerability is tracked in the National Vulnerability Database (NVD) and has been patched upstream.
A subtle bounds-checking bug in the Linux kernel’s ARM64 NEON crypto path — tracked as CVE-2024-26789 — can cause out-of-bounds memory accesses when processing short AES-CTR inputs; the flaw has been patched upstream by cloning a small but crucial workaround (temporary-buffering of sub‑16‑byte...