PT-2023-20477 · Arm · Arm Aarch64Cryptolib

Milinjpatel +1 · Published 2023-03-15 · Updated 2025-02-27 · CVE-2023-26084

CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Arm AArch64cryptolib versions before 86065c6

Description

The issue concerns the armv8_dec_aes_gcm_full() API, which fails to verify the authentication tag of AES-GCM protected data. This failure is due to an improperly initialized variable, leading to a potential man-in-the-middle attack.

Recommendations

For Arm AArch64cryptolib versions before 86065c6, update to a version after 86065c6 to resolve the issue. As a temporary workaround, consider restricting the use of the armv8_dec_aes_gcm_full() API until a patch is available.

Fix

Weakness Enumeration

Improper Initialization

Related Identifiers

CVE-2023-26084
GHSA-47C6-7X5X-R74G

Affected Products

Arm Aarch64Cryptolib