Milinjpatel

**Name of the Vulnerable Software and Affected Versions** Arm AArch64cryptolib versions before 86065c6 **Description** The issue concerns the armv8 dec aes gcm full() API, which fails to verify the authentication tag of AES-GCM protected data. This failure is due to an improperly initialized variable, leading to a potential man-in-the-middle attack. **Recommendations** For Arm AArch64cryptolib versions before 86065c6, update to a version after 86065c6 to resolve the issue. As a temporary workaround, consider restricting the use of the armv8 dec aes gcm full() API until a patch is available.