N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-2cgv-28vr-rv6j

GHSA-2cgv-28vr-rv6j: libcrux incorrectly calculates on aarch64

On platforms without the core::arch::aarch64::vxarq_u64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared secrets and invalid signatures.

The issue has been fixed in v0.0.4.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-2cgv-28vr-rv6j

GHSA-2cgv-28vr-rv6j:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
libcrux-intrinsics	rust	= 0.0.3	0.0.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is located in the libcrux-intrinsics crate, specifically within a fallback implementation of the _vxarq_u64 function for the aarch64 architecture. This function is intended to emulate a hardware intrinsic when it's not available on the platform. The analysis of the patch in commit 8d10f45631afd1d93fabb2278dbb388a075b5608 reveals that the vulnerable version of the function passed an incorrect argument to an internal bitwise operation. Specifically, _vshlq_n_u64 was called with b instead of a_xor_b, leading to a flawed calculation. This bug corrupts the output of cryptographic primitives that rely on this function, such as SHA-3, causing libcrux-ml-kem to produce incorrect shared secrets and libcrux-ml-dsa to generate invalid signatures. The vulnerability is triggered during runtime on aarch64 systems that execute this specific fallback code path. The fix corrects the argument, ensuring the calculation is performed as intended.

Vulnerable functions

_vxarq_u64

libcrux-intrinsics/src/arm64.rs

The function `_vxarq_u64` provides a fallback implementation for an ARM64 intrinsic. In the vulnerable version, it incorrectly used the variable `b` as an argument for the left shift operation (`_vshlq_n_u64`), whereas it should have used `a_xor_b`. This error in the fallback logic leads to incorrect results for cryptographic operations like SHA-3, ML-KEM, and ML-DSA on aarch64 platforms that lack the native hardware intrinsic.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-2cgv-28vr-rv6j: libcrux incorrectly calculates on aarch64

GHSA-2cgv-28vr-rv6j:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

N/A

N/A

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

GHSA-2cgv-28vr-rv6j: libcrux incorrectly calculates on aarch64

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI