Impact
The vulnerability arises from an in-place copying mechanism in the Linux kernel’s ALGIF_AEAD helper. In this mechanism source and destination buffers originate from different memory mappings, and the copy logic does not perform proper bounds checking or offset validation. This improper copy can overwrite unrelated kernel memory, potentially corrupting critical data structures. The flaw maps to CWE‑1288 (improper use of cryptographic memory) and CWE‑669 (improper buffer size calculation).
Affected Systems
Linux kernels that retain the in‑place copy helper before the revert commit are affected. This includes mainstream distributions that ship kernel versions lacking the out‑of‑place copy fix—such as Ubuntu, Debian, Red‑Hat Enterprise Linux, SUSE, Amazon Linux, and Red Hat OpenShift—at the time of the vulnerability’s discovery. Any system running a vulnerable kernel with the helper active is at risk, whereas kernels that have incorporated the reverted change are not.
Risk and Exploitability
The CVSS score of 7.8 denotes high severity. The EPSS score of 97 % indicates a high likelihood of exploitation, and the CVE is listed in CISA’s KEV catalog, confirming that the vulnerability can be (or has been) exploited in the wild. The attack vector is inferred to be local or requiring the ability to trigger the cryptographic helper; successful exploitation can lead to kernel memory corruption, enabling privilege escalation or denial of service.
OpenCVE Enrichment
Debian DLA
Debian DSA
Ubuntu USN