Impact
The vulnerability was discovered in the Linux kernel’s cryptographic helper function algif_aead, where a change intended to enable in‑place handling of authentication data was later reverted. The in‑place logic could have caused memory overlap between source and destination buffers because they were mapped separately, potentially leading to corrupted authentication tags or incorrect encryption outputs. The revert restores a simple out‑of‑place copy and eliminates that overlap. This weakness corresponds to CWE‑1288, where improper validation of credentials or data integrity can allow attackers to influence authentication results.
Affected Systems
All Linux kernel installations that incorporated the erroneous in‑place implementation of algif_aead may be affected. The specific kernel versions affected are not listed, but any release that contains the in‑place operation before the revert could be vulnerable. Distribution maintainers should verify whether the revert commit is present in their shipped kernel images.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. No EPSS score is available, and the vulnerability is not currently listed in the CISA KEV catalog, so the exploitation likelihood is uncertain. The attack likely requires the ability to send crafted cryptographic requests to the kernel, which could be achieved via local user processes that invoke the affected helper or through a higher‑privileged exploit that writes arbitrary data into the relevant buffers. The potential consequence, if the flaw had persisted, would be the generation or acceptance of incorrect authentication tags, which could lead to data integrity violations or a denial‑of‑service condition.