Impact
Based on the description, it is inferred that the flaw arises when the AF_ALG "rfc3686-ctr-aes-ccp" path copies an 8‑byte IV into a caller buffer and then restores AES_BLOCK_SIZE (16) bytes during completion, overwriting memory beyond the intended region. This kernel‑space buffer overrun could corrupt data integrity or cause a system crash, representing a classic unchecked copy operation.
Affected Systems
All Linux kernel versions that include the vulnerable ccp AES implementation, with no specific version mitigated yet. The affected product is the Linux kernel cryptographic core, as indicated by the generic Linux CPE.
Risk and Exploitability
Based on the description, it is inferred that the vulnerability can be triggered by any code that submits AF_ALG requests utilizing the RFC3686 cipher, potentially allowing an attacker to cause memory corruption. A CVSS score of 7.8 is provided, and EPSS is < 1%, so the quantitative risk cannot be measured. However, the flaw is a kernel‑space buffer overrun that could be exploited if an attacker can influence the IV buffer; currently, no exploits are publicly known, and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation at this time.
OpenCVE Enrichment
Debian DLA