Conditional Move Vulnerability in RustCrypto on Cortex M0 Series
CVE-2026-23519
8.9HIGH
What is CVE-2026-23519?
The RustCrypto library's CMOV implementation prior to version 0.4.4 exposes a security concern for the Cortex M0, M0+, and M1 processors. Specifically, the portable version of cmovnz can generate non-constant time assembly code, potentially allowing an attacker to exploit timing discrepancies. This flaw compromises the integrity of cryptographic operations, making it crucial for developers utilizing this library on the affected platforms to upgrade to version 0.4.4 or later to mitigate these risks. For further details, refer to the official GitHub security advisories and related commits.
Affected Version(s)
utils < 0.4.4
