RUSTSEC-2026-0012

Summary

The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block.

Impact

It's unclear what practical impact, if any, this actually had. Incorrect operand types are technically undefined behavior, however changing them had no actual impact on the generated assembly for these targets. The possibility still exists that it may lead to potential memory safety or other issues on hypothetical future versions of rustc.

Mitigation

The operand types were changed from in to inout, and the impacted versions of the keccak crate were yanked.