Conditional Move CPU Intrinsics Vulnerability in RustCrypto
CVE-2026-50185

2LOW

Key Information:

Vendor

Rustcrypto

Status
Vendor
CVE Published:
17 July 2026

What is CVE-2026-50185?

The RustCrypto CMOV library contains a flaw in its aarch64 implementations of the Cmov and CmovEq functions. From versions 0.1.1 to 0.5.4, the implementation incorrectly assumes that high bits are zero-extended when loading values smaller than a register. This can lead to faulty behavior in the execution of conditional move operations, resulting in incorrect outputs from functions like left.cmovz(&right, condition) when specific bit patterns are used. The issue has been rectified in version 0.5.4.

Affected Version(s)

utils >= 0.1.1, < 0.5.4

References

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.