GHSA-FHVH-VW7H-9XF3: AVX2 ML-DSA Verification Forgery Fix Review
Summary
The available patch evidence indicates a security fix for an incorrect AVX2 use_hint implementation in libcrux-ml-dsa, with accompanying verification test expansion for malformed signatures that violate an infinity norm condition. Based on the advisory and changelog, the vulnerability is a signature forgery issue affecting AVX2-backed verification paths. The patch appears directionally correct and likely addresses the root logic defect, but the provided diff excerpt is test-heavy and does not expose the underlying AVX2 code change, limiting direct confirmation of completeness from source alone.
Analysis
Vulnerability
GHSA-FHVH-VW7H-9XF3 describes a cryptographic signature forgery issue in libcrux-ml-dsa caused by an incorrect AVX2 implementation of use_hint. The security impact is severe: malformed ML-DSA signatures can be accepted as valid on affected hardware paths, which breaks the core authenticity guarantee of signature verification.
The patch summary and changelog explicitly tie the issue to the AVX2 path rather than the generic algorithm definition. That distinction matters because it implies a platform-conditional verification discrepancy: implementations using AVX2 may validate signatures that should be rejected, while other code paths may not. In cryptographic libraries, such SIMD-specific divergence is especially dangerous because it can evade functional testing if only one backend is exercised.
The provided test updates also indicate that invalid signatures violating an infinity norm condition were not being rejected consistently before the fix. The addition of a dedicated InfinityNormViolation classification in the verification schema and the increase in Wycheproof test volume strongly suggest the bug manifested as insufficient validation of malformed signature structure or bounds during verification.
CHANGELOG.md
- (libcrux-ml-dsa) [#1398](https://github.com/cryspen/libcrux/pull/1398): Fix incorrect AVX2 use_hint implementation
crates/testing/kats/src/wycheproof/mldsa/verify_schema.rs
InfinityNormViolation,
InvalidSignature,Sources: pull request #1398, GitHub Security Advisory, third-party report.
Patch
The visible patch evidence shows three concrete remediation signals.
- The changelog records a targeted fix for the incorrect AVX2
use_hintimplementation in PR #1398. - The verification schema adds an
InfinityNormViolationresult category, which improves test expressiveness and makes the failure mode explicit. - The Wycheproof ML-DSA verification corpus grows from 80 to 148 tests, indicating broader negative coverage for malformed signatures.
The strongest source-grounded inference is that the patch does not merely rename an error class; it also introduces regression vectors intended to catch the exact malformed-signature acceptance pattern associated with the AVX2 logic error. That is a good sign for long-term stability because cryptographic verification bugs often reappear when backend-specific optimizations are refactored.
[VULNERABLE]
"numberOfTests": 80,
[PATCHED]
"InfinityNormViolation": {
"bugType": "BASIC",
"description": "The signature violates an infinity norm condition."
...
"numberOfTests": 148,However, the supplied diff excerpt does not include the actual AVX2 implementation change. As a result, the review can confirm the presence of security-oriented regression coverage and the maintainer-stated intent to fix the AVX2 logic, but it cannot independently inspect whether the low-level vectorized arithmetic, masking, or hint application semantics now exactly match the scalar/reference implementation.
Review
Pros
- The patch is explicitly scoped to the stated root issue: incorrect AVX2
use_hintbehavior, as documented in the changelog and advisory. - Regression coverage was expanded substantially, from 80 to 148 Wycheproof verification tests, which is appropriate for a signature-validation flaw.
- The new
InfinityNormViolationclassification makes the rejected condition more precise and improves diagnosability of malformed-signature cases. - The patch appears to align tests with a concrete cryptographic invariant rather than relying on a generic invalid-signature bucket, which reduces ambiguity in future failures.
Cons
- The provided patch material does not expose the actual AVX2 code delta, so independent verification of algorithmic correctness is limited.
- There is no visible proof in the excerpt that scalar, portable SIMD, and AVX2 backends are now cross-checked for behavioral equivalence on the same corpus.
- The available evidence is focused on verification tests; it does not show whether property-based, differential, or backend-consistency tests were added to prevent similar implementation drift.
- Because the issue is backend-specific and cryptographic, confidence would be higher if the patch also demonstrated explicit parity tests against a known-good reference path.
Verdict
Root-cause.
Based on the advisory and the changelog entry in PR #1398, the fix is aimed at the underlying AVX2 use_hint logic defect rather than merely filtering one known bad input shape. The added Wycheproof coverage for InfinityNormViolation cases supports that interpretation by codifying the invalid condition that should be rejected during verification. The main reservation is evidentiary, not architectural: the supplied diff does not include the AVX2 implementation itself, so completeness cannot be fully audited from the excerpt alone. Still, the patch as presented is consistent with a root-cause correction backed by regression tests, not a superficial bandaid.
Recommended Labs
Try this vulnerability pattern yourself with hands-on labs.
- Drain.move
Closest match for a signature/authenticity-validation failure. It is tagged with CWE-345 and CWE-20, which align well with the core lesson from GHSA-FHVH-VW7H-9XF3: never trust malformed or incorrectly validated authenticity data, and enforce strict verification logic.
- Pollution.go
Useful defensive practice for validation logic and parser ambiguity issues. While not a cryptography-specific lab, it trains the same mindset needed for reviewing signature-verification paths: canonicalization, strict input handling, and avoiding subtle logic errors that let invalid data pass validation.
- Confusable.go
Good supporting lab for identity/authentication trust failures. It focuses on confusion and improper acceptance of deceptive input, which maps conceptually to signature forgery bugs where incorrect comparison or validation logic causes the system to accept attacker-controlled values as legitimate.