CVE-2026-23519
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: GitHub, Inc.

Description
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23519
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rustcrypto cmov 0.4.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-23519 is a timing side-channel vulnerability in the RustCrypto cmov crate versions prior to 0.4.4 when compiled for the thumbv6m-none-eabi target (Cortex M0, M0+, and M1 microcontrollers). The issue arises because the compiler emits non-constant-time assembly code for the portable conditional move if not zero (cmovnz) operation. This happens due to LLVM optimizations that convert constant-time mask computations into conditional branches, which leak timing information. The vulnerability allows attackers to potentially infer secret data by measuring operation timing differences. The problem was fixed in version 0.4.4 by adjusting the code to prevent these optimizations and ensure constant-time behavior. [1, 2]

Impact Analysis

This vulnerability can impact you by leaking sensitive information through timing side-channels. Because the vulnerable cmovnz implementation does not execute in constant time, attackers can potentially observe timing differences in operations to infer secret data or cryptographic keys. This can compromise confidentiality, especially in security-critical applications running on affected Cortex M0, M0+, and M1 microcontrollers. The CVSS v4 base score of 8.9 indicates a high severity impact on confidentiality with no required privileges or user interaction. [2]

Detection Guidance

This vulnerability can be detected by examining the assembly code generated for the `cmovnz` function on the `thumbv6m-none-eabi` target (Cortex M0, M0+, M1). Specifically, look for non-constant time assembly instructions such as conditional branches (`bne`, `mvns`) in the emitted code. A practical approach is to compile a minimal Rust program using the vulnerable `cmov` crate version prior to 0.4.4 targeting `thumbv6m-none-eabi`, then inspect the generated assembly output for these conditional instructions. For example, use the Rust compiler with flags to emit assembly: `cargo rustc --target thumbv6m-none-eabi -- --emit asm` and then search the assembly for `bne` or `mvns` instructions within the `cmovnz` function. [2]

Mitigation Strategies

The immediate mitigation step is to upgrade the RustCrypto `cmov` crate to version 0.4.4 or later, where the vulnerability is fixed. The fix ensures that the portable `cmovnz` implementation produces constant-time assembly on the affected `thumbv6m-none-eabi` target by adjusting the use of the `black_box` macro and mask computations to prevent LLVM from emitting conditional branches. Until the upgrade is applied, avoid using the vulnerable `cmovnz` function on Cortex M0/M0+/M1 targets to prevent timing side-channel leaks. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23519. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart