rustsec-2026-0126
Vulnerability from osv_rustsec
Published
2026-04-27 12:00
Modified
2026-05-13 10:05
Summary
AVX2 Implementation Did Not Fully Reduce Intermediate Values
Details

The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation.

Impact

We are not aware of inputs to the public key generation, signing or verification APIs that trigger a panic in the AVX2 implementation because the intermediate values were not fully reduced.

Mitigation

From version 0.0.9, intermediate values on AVX2 platforms are fully reduced, in alignment with the portable implementation.


{
  "affected": [
    {
      "database_specific": {
        "categories": [],
        "cvss": null,
        "informational": "notice"
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [
            "x86_64"
          ],
          "functions": [],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "libcrux-ml-dsa",
        "purl": "pkg:cargo/libcrux-ml-dsa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.0.0-0"
            },
            {
              "fixed": "0.0.9"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [],
  "database_specific": {
    "license": "CC0-1.0"
  },
  "details": "The AVX2 implementation of ML-DSA did not fully reduce intermediate\ninputs to the inverse NTT, which leads to a testable difference in\npanic behaviour of internal functions compared to the portable\nimplementation.\n\n## Impact\nWe are not aware of inputs to the public key generation, signing or\nverification APIs that trigger a panic in the AVX2 implementation\nbecause the intermediate values were not fully reduced.\n\n## Mitigation\nFrom version `0.0.9` intermediate values on AVX2 platforms are fully\nreduced in alignment with the portable implementation.",
  "id": "RUSTSEC-2026-0126",
  "modified": "2026-05-13T10:05:44Z",
  "published": "2026-04-27T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/libcrux-ml-dsa"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0126.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cryspen/libcrux/pull/1395"
    }
  ],
  "related": [],
  "severity": [],
  "summary": "AVX2 Implementation Did Not Fully Reduce Intermediate Values"
}

