CVE-2026-23519

Name of the Vulnerable Software and Affected Versions RustCrypto versions prior to 0.4.4

Description The RustCrypto CMOV implementation, designed to provide constant-time conditional move operations, exhibits non-constant time behavior when compiled for the thumbv6m-none-eabi target (Cortex M0, M0+, and M1 processors). This occurs due to an LLVM optimization pass interpreting a bitwise operation as a conditional branch, negating the constant-time guarantee. The issue arises during the mask computation within the cmov crate, specifically related to the bitnz function and its subsequent use in a wrapping subtraction. The portable version of cmovnz is affected. The impact of this issue is currently unclear, but the cmov crate provides a warning to users that the portable version is best-effort.

Recommendations Update to RustCrypto version 0.4.4 or later.