wolfSSL wolfCrypt Protection Mechanism Failure in Post-Quantum Implementations on ARM Cortex-M Microcontrollers

Vulnerability

A protection mechanism failure has been identified in wolfSSL's wolfCrypt library, specifically in the post-quantum implementations of ML-KEM and ML-DSA, on ARM Cortex-M microcontrollers. This vulnerability allows a physical attacker to compromise key material and cryptographic outcomes by inducing transient faults that corrupt or redirect seed and pointer values during the Keccak-based expansion process. The issue is present in wolfSSL commit d86575c766e6e67ef93545fa69c04d6eb49400c6.

Impact

Exploitation of this vulnerability could compromise cryptographic keys and the integrity of cryptographic operations, potentially allowing unauthorized access to or manipulation of data.

Remediation

Users are advised to update to the latest version of wolfSSL, where this vulnerability has been addressed.

Added: Mar 19, 2026, 7:20 PM
Updated: Mar 19, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 5.0
exploitability: 3.6
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.