Impact
The vulnerability resides in the Linux kernel crypto subsystem, specifically in the af_alg_pull_tsgl function. When page reassignment was added, the loop that controls how many pages are reassigned was not updated for the new logic, so the code may attempt to reassign one more page than necessary. This can lead to an out-of-bounds write or to ring allocation structures being overwritten, potentially corrupting kernel memory. Such corruption may allow an attacker to execute arbitrary code at the privilege level of the kernel or to crash the system, thereby compromising confidentiality, integrity, and availability.
Affected Systems
Linux kernel releases that include the af_alg interface are impacted. The CNA vendor list shows Linux:Linux, and no specific fixed or affected version ranges are provided, meaning any kernel build that contains af_alg_pull_tsgl without the patch may be vulnerable. Users should verify whether their kernel version includes the commit that introduced the fix.
Risk and Exploitability
No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score is unspecified in the public data, but the nature of the flaw—kernel out‑of‑bounds write—typically carries high severity. The likely attack vector requires the attacker to execute code that triggers af_alg calls, such as a malicious crypto operation. If an attacker can supply input that forces a page reassignment beyond bounds, memory corruption may occur, potentially leading to arbitrary code execution or denial of service. The absence of an official KEV listing and EPSS data suggests it is not yet widely exploited publicly, but the impact of exploitation remains severe.