Conditional Move CPU Intrinsics Vulnerability in RustCrypto
CVE-2026-50185
2LOW
What is CVE-2026-50185?
The RustCrypto CMOV library contains a flaw in its aarch64 implementations of the Cmov and CmovEq functions. From versions 0.1.1 to 0.5.4, the implementation incorrectly assumes that high bits are zero-extended when loading values smaller than a register. This can lead to faulty behavior in the execution of conditional move operations, resulting in incorrect outputs from functions like left.cmovz(&right, condition) when specific bit patterns are used. The issue has been rectified in version 0.5.4.
Affected Version(s)
utils >= 0.1.1, < 0.5.4
