{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23519", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-13T18:22:43.980Z", "datePublished": "2026-01-15T19:13:54.440Z", "dateUpdated": "2026-01-15T19:57:48.741Z"}, "containers": {"cna": {"title": "RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz", "problemTypes": [{"descriptions": [{"cweId": "CWE-208", "lang": "en", "description": "CWE-208: Observable Timing Discrepancy", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.9, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp"}, {"name": "https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778", "tags": ["x_refsource_MISC"], "url": "https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778"}], "affected": [{"vendor": "RustCrypto", "product": "utils", "versions": [{"version": "< 0.4.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-15T19:13:54.440Z"}, "descriptions": [{"lang": "en", "value": "RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4."}], "source": {"advisory": "GHSA-2gqc-6j2q-83qp", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-15T19:57:42.346432Z", "id": "CVE-2026-23519", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T19:57:48.741Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23519", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-15T19:57:42.346432Z"}}}], "references": [{"url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T19:57:33.242Z"}}], "cna": {"title": "RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz", "source": {"advisory": "GHSA-2gqc-6j2q-83qp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "RustCrypto", "product": "utils", "versions": [{"status": "affected", "version": "< 0.4.4"}]}], "references": [{"url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp", "name": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778", "name": "https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-208", "description": "CWE-208: Observable Timing Discrepancy"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-15T19:13:54.440Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23519", "state": "PUBLISHED", "dateUpdated": "2026-01-15T19:57:48.741Z", "dateReserved": "2026-01-13T18:22:43.980Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-15T19:13:54.440Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rustcrypto:cmov:*:*:*:*:*:rust:*:*", "matchCriteriaId": "A05B5CBC-9FDB-429A-889F-56928657A4D8", "versionEndExcluding": "0.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4."}], "id": "CVE-2026-23519", "lastModified": "2026-01-23T18:59:58.223", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-15T20:16:05.313", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-208"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T06:01:32.130566+00:00", "value": {"mitigation_remediation": ["Apply the official patch by upgrading the RustCrypto utils crate to version 0.4.4 or later.", "Verify that the compiled binary targets thumbv6m-none-eabi emit the corrected constant\u2011time instructions.", "Ensure that no other constant\u2011time dependencies contain similar compiler\u2011specific regressions by auditing the crate\u2019s release notes and running static\u2011analysis tools for timing\u2011leak detection."], "summary": {"action": "Immediate Patch", "impact": "Timing side\u2011channel leading to information leakage"}, "threat_synthesis": {"affected_systems": "The affected product is the RustCrypto utils crate, specifically the CMOV component. Versions before 0.4.4 compiled for the thumbv6m-none-eabi target are vulnerable. The vulnerability manifests on Cortex\u00a0M0, M0+, and M1 silicon where the compiler emits insecure assembly. Upgrading to version 0.4.4 or later resolves the issue.", "description_and_impact": "RustCrypto CMOV offers conditional move CPU intrinsics intended to execute in constant\u2011time, ensuring that the compiler does not replace them with branching. Prior to version 0.4.4, compiling this crate for the thumbv6m-none-eabi target (Cortex\u00a0M0, M0+, and M1) resulted in non\u2011constant\u2011time assembly for the cmovnz operation, violating the constant\u2011time guarantee and creating a data\u2011dependent timing side\u2011channel. This flaw permits an attacker who can observe execution timings to infer secret data processed by the intrinsic, potentially compromising cryptographic operations that rely on CMOV for confidentiality.", "risk_and_exploitability": "The CVSS score of 8.9 indicates high severity, while the EPSS score of less than 1% shows that exploitation is likely rare, and the vulnerability is not listed in the CISA KEV catalog. The attack requires an attacker who can run the vulnerable code and accurately measure execution time, either locally or via a remote timing oracle. If successful, the attacker can reconstruct confidential data processed by the CMOV operations. The lack of observable branching in the original design amplifies the risk of covert channel leakage."}}}}, "created": "2026-01-16T13:43:00.795516+00:00", "updated": "2026-04-18T06:15:15.860640+00:00", "vendors": ["rustcrypto", "rustcrypto$PRODUCT$utils"]}