CVE-2026-23519
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rustcrypto | cmov | 0.4.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-208 | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23519 is a timing side-channel vulnerability in the RustCrypto cmov crate versions prior to 0.4.4 when compiled for the thumbv6m-none-eabi target (Cortex M0, M0+, and M1 microcontrollers). The issue arises because the compiler emits non-constant-time assembly code for the portable conditional move if not zero (cmovnz) operation. This happens due to LLVM optimizations that convert constant-time mask computations into conditional branches, which leak timing information. The vulnerability allows attackers to potentially infer secret data by measuring operation timing differences. The problem was fixed in version 0.4.4 by adjusting the code to prevent these optimizations and ensure constant-time behavior. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by leaking sensitive information through timing side-channels. Because the vulnerable cmovnz implementation does not execute in constant time, attackers can potentially observe timing differences in operations to infer secret data or cryptographic keys. This can compromise confidentiality, especially in security-critical applications running on affected Cortex M0, M0+, and M1 microcontrollers. The CVSS v4 base score of 8.9 indicates a high severity impact on confidentiality with no required privileges or user interaction. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by examining the assembly code generated for the `cmovnz` function on the `thumbv6m-none-eabi` target (Cortex M0, M0+, M1). Specifically, look for non-constant time assembly instructions such as conditional branches (`bne`, `mvns`) in the emitted code. A practical approach is to compile a minimal Rust program using the vulnerable `cmov` crate version prior to 0.4.4 targeting `thumbv6m-none-eabi`, then inspect the generated assembly output for these conditional instructions. For example, use the Rust compiler with flags to emit assembly: `cargo rustc --target thumbv6m-none-eabi -- --emit asm` and then search the assembly for `bne` or `mvns` instructions within the `cmovnz` function. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the RustCrypto `cmov` crate to version 0.4.4 or later, where the vulnerability is fixed. The fix ensures that the portable `cmovnz` implementation produces constant-time assembly on the affected `thumbv6m-none-eabi` target by adjusting the use of the `black_box` macro and mask computations to prevent LLVM from emitting conditional branches. Until the upgrade is applied, avoid using the vulnerable `cmovnz` function on Cortex M0/M0+/M1 targets to prevent timing side-channel leaks. [1, 2]