GHSA-2cgv-28vr-rv6j: libcrux incorrectly calculates on aarch64
On platforms without the core::arch::aarch64::vxarq_u64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3
passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and
libcrux-ml-dsa to sample incorrectly, yielding incorrect shared secrets and invalid signatures.
The issue has been fixed in v0.0.4.
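Added example, not libcrux's own code: a portable Rust stand-in for the `vxarq_u64` intrinsic (XOR the two lanes, then rotate right by a 6-bit immediate), wired into a minimal Keccak-f[1600] and SHA3-256 so that a known-answer test exercises exactly the fused theta-rho step where an aarch64 build would use the intrinsic. The advisory does not say which argument the libcrux-intrinsics fallback got wrong, so the point shown is the check: any miscompute in the fallback changes the digest and fails the KAT. The names `xar`, `keccak_f1600` and `sha3_256` are this example's own.

```rust
use std::convert::TryInto;

/// Portable stand-in for core::arch::aarch64::vxarq_u64: XOR the lanes, then rotate right by the 6-bit immediate.
fn xar(a: u64, b: u64, imm6: u32) -> u64 { (a ^ b).rotate_right(imm6 % 64) }

// Keccak-f[1600] round constants (iota) and rho rotation offsets, lane index = x + 5*y.
const RC: [u64; 24] = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
    0x8000000080008081, 0x8000000000008009, 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
    0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
    0x000000000000800a, 0x800000008000000a, 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
];
const RHO: [u32; 25] = [0, 1, 62, 28, 27, 36, 44, 6, 55, 20, 3, 10, 43, 25, 39, 41, 45, 15, 21, 8, 18, 2, 61, 56, 14];

fn keccak_f1600(a: &mut [u64; 25]) {
    for &rc in RC.iter() {
        // theta: column parities C[x], then D[x] = C[x-1] ^ rotl(C[x+1], 1)
        let c: [u64; 5] = std::array::from_fn(|x| a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20]);
        let d: [u64; 5] = std::array::from_fn(|x| c[(x + 4) % 5] ^ c[(x + 1) % 5].rotate_left(1));
        // theta + rho + pi fused: lane (x,y) is one XAR of (A[x,y], D[x]) by 64 - rho offset (the vxarq_u64 site)
        let mut b = [0u64; 25];
        for i in 0..25 {
            let (x, y) = (i % 5, i / 5);
            b[y + 5 * ((2 * x + 3 * y) % 5)] = xar(a[i], d[x], 64 - RHO[i]);
        }
        // chi, then iota
        for i in 0..25 {
            let (x, y) = (i % 5, i / 5);
            a[i] = b[i] ^ (!b[(x + 1) % 5 + 5 * y] & b[(x + 2) % 5 + 5 * y]);
        }
        a[0] ^= rc;
    }
}
/// SHA3-256: rate 136 bytes, domain byte 0x06, multi-rate padding ending in 0x80, 32-byte squeeze.
fn sha3_256(msg: &[u8]) -> [u8; 32] {
    let mut padded = msg.to_vec();
    padded.push(0x06);
    padded.resize(padded.len() + (136 - padded.len() % 136) % 136, 0);
    *padded.last_mut().unwrap() |= 0x80;
    let mut st = [0u64; 25];
    for block in padded.chunks_exact(136) {
        for (lane, bytes) in st.iter_mut().zip(block.chunks_exact(8)) {
            *lane ^= u64::from_le_bytes(bytes.try_into().unwrap()); // little-endian lanes
        }
        keccak_f1600(&mut st);
    }
    let mut out = [0u8; 32];
    for (i, lane) in st[..4].iter().enumerate() {
        out[8 * i..8 * i + 8].copy_from_slice(&lane.to_le_bytes());
    }
    out
}
```

Swapping `xar` for a platform intrinsic is safe only while the SHA3-256 known-answer vectors (the empty message and "abc" from FIPS 202) still pass, which is the test the advisory's fallback would have failed.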