Unrated severityNVD Advisory· Published Jul 19, 2026
Debian rust-cmov: RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on…
CVE-2026-50185
Description
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits are zero-extended when loading values smaller than a register, so set high bits such as [8..] in a Cmov selector or [16..] of self or other in the u16 and i16 CmovEq implementations can cause left.cmovz(&right, condition) to produce incorrect output. This issue is fixed in version 0.5.4.
Affected products
13- Range: <=0.5.4
- osv-coords11 versionspkg:apk/chainguard/apollo-router-2pkg:apk/chainguard/denopkg:apk/chainguard/komodo-corepkg:apk/chainguard/komodo-peripherypkg:apk/chainguard/mountpoint-s3pkg:apk/chainguard/pixipkg:apk/chainguard/yazipkg:apk/wolfi/denopkg:apk/wolfi/mountpoint-s3pkg:apk/wolfi/pixipkg:apk/wolfi/yazi
< 2.16.0-r2+ 10 more
- (no CPE)range: < 2.16.0-r2
- (no CPE)range: < 2.9.1-r1
- (no CPE)range: < 2.2.0-r5
- (no CPE)range: < 2.2.0-r5
- (no CPE)range: < 1.22.3-r5
- (no CPE)range: < 0.72.0-r1
- (no CPE)range: < 26.5.6-r5
- (no CPE)range: < 2.9.1-r1
- (no CPE)range: < 1.22.3-r5
- (no CPE)range: < 0.72.0-r1
- (no CPE)range: < 26.5.6-r5
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.