A subtle bounds-checking bug in the Linux kernel’s ARM64 NEON crypto path — tracked as CVE-2024-26789 — can cause out-of-bounds memory accesses when processing short AES-CTR inputs; the flaw has been patched upstream by cloning a small but crucial workaround (temporary-buffering of sub‑16‑byte...
