Linux · Linux Kernel · CVE-2025-39917
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The Linux kernel contains a flaw in the `bpf_crypto_crypt()` function where the size of the destination dynamic pointer (`dst`) is not validated against the size of the source dynamic pointer (`src`) before being passed to the crypto backend. This can lead to an out-of-bounds write if the destination buffer is smaller than the source buffer. The function uses `__bpf_dynptr_data()` and `__bpf_dynptr_data_rw()` to fetch linear buffers from each dynamic pointer. The crypto backend expects the destination buffer to be large enough to accommodate the data being written, based on the source length (`src_len`). A check has been added to ensure `src_len` is not greater than `dst_len` to prevent the out-of-bounds write. This function is accessible only under root privileges.
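The length check described above, as an added user-space C model (not kernel source and not part of the original advisory). The `model_*` names, the XOR stand-in for the crypto backend and the rejection of empty buffers are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space stand-in for a dynptr: linear buffer plus size. */
struct model_dynptr { uint8_t *data; size_t size; };

/* Stand-in backend: writes exactly src_len bytes to dst and trusts the caller
 * that dst is large enough. XOR is a placeholder, not a real cipher. */
static void model_backend_crypt(const uint8_t *src, uint8_t *dst, size_t src_len)
{
    for (size_t i = 0; i < src_len; i++)
        dst[i] = src[i] ^ 0x5a;
}

/* Model of the validated entry point: refuse the call before the backend
 * runs when dst cannot hold src_len bytes. */
int model_crypt_checked(const struct model_dynptr *src, struct model_dynptr *dst)
{
    size_t src_len = src->size, dst_len = dst->size;

    if (!src_len || !dst_len)   /* assumption of this model: reject empty buffers */
        return -EINVAL;
    if (src_len > dst_len)      /* the check the description says was added */
        return -EINVAL;
    model_backend_crypt(src->data, dst->data, src_len);
    return 0;
}

/* Constructed case: 16-byte source, 8-byte destination with a guard behind it.
 * Returns the entry point's result, or 1 if the guard bytes were modified. */
int demo_short_dst(void)
{
    uint8_t in[16] = {0};
    struct { uint8_t out[8]; uint8_t guard[8]; } mem;
    struct model_dynptr src = { in, sizeof(in) };
    struct model_dynptr dst = { mem.out, sizeof(mem.out) };

    memset(&mem, 0xAA, sizeof(mem));
    int ret = model_crypt_checked(&src, &dst);
    for (size_t i = 0; i < sizeof(mem.guard); i++)
        if (mem.guard[i] != 0xAA)
            return 1;
    return ret;
}

int main(void) { return demo_short_dst() == -EINVAL ? 0 : 1; }
```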
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.