{"id":"RUSTSEC-2026-0126","summary":"AVX2 Implementation Did Not Fully Reduce Intermediate Values","details":"The AVX2 implementation of ML-DSA did not fully reduce intermediate\ninputs to the inverse NTT, which leads to a testable difference in\npanic behaviour of internal functions compared to the portable\nimplementation.\n\n## Impact\nWe are not aware of inputs to the public key generation, signing or\nverification APIs that trigger a panic in the AVX2 implementation\nbecause the intermediate values were not fully reduced.\n\n## Mitigation\nFrom version `0.0.9` intermediate values on AVX2 platforms are fully\nreduced in alignment with the portable implementation.","modified":"2026-05-13T10:15:29.201476Z","published":"2026-04-27T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/libcrux-ml-dsa"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0126.html"},{"type":"WEB","url":"https://github.com/cryspen/libcrux/pull/1395"}],"affected":[{"package":{"name":"libcrux-ml-dsa","ecosystem":"crates.io","purl":"pkg:cargo/libcrux-ml-dsa"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.0.9"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":[],"arch":["x86_64"]}},"database_specific":{"informational":"notice","categories":[],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0126.json","cvss":null}}],"schema_version":"1.7.5"}