From 4ff6f5f10c0ef1bee08b007f369ca60970838561 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 27 Aug 2025 10:14:39 +1000
Subject: [PATCH] ML-KEM/Kyber: fix out of bouds read

Decompose 5-bit values: Don't read 15 bytes when only have 10 bytes available.
---
 .wolfssl_known_macro_extras | 1 +
 wolfcrypt/src/wc_mlkem_asm.S | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 95ef25b0a..6a8f6ab7c 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -206,6 +206,7 @@ ENABLE_SECURE_SOCKETS_LOGS
 ESP32
 ESP8266
 ESP_ENABLE_WOLFSSH
+ESP_IDF_VERSION
 ESP_IDF_VERSION_MAJOR
 ESP_IDF_VERSION_MINOR
 ESP_PLATFORM
diff --git a/wolfcrypt/src/wc_mlkem_asm.S b/wolfcrypt/src/wc_mlkem_asm.S
index f3ef6b314..bb36fe928 100644
--- a/wolfcrypt/src/wc_mlkem_asm.S
+++ b/wolfcrypt/src/wc_mlkem_asm.S
@@ -15779,7 +15779,10 @@ _mlkem_decompress_5_avx2:
         vpmullw %ymm4, %ymm0, %ymm0
         vpmulhrsw %ymm1, %ymm0, %ymm0
         vmovdqu %ymm0, 448(%rdi)
-        vbroadcasti128 150(%rsi), %ymm0
+        vmovq 150(%rsi), %xmm0
+        movzxw 158(%rsi), %rdx
+        vpinsrq $0x01, %rdx, %xmm0, %xmm0
+        vinserti128 $0x01, %xmm0, %ymm0, %ymm0
         vpshufb %ymm2, %ymm0, %ymm0
         vpand %ymm3, %ymm0, %ymm0
         vpmullw %ymm4, %ymm0, %ymm0
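Review bot: The trailing word at offset 158 can be inserted straight from memory with `vpinsrw $0x04, 158(%rsi), %xmm0, %xmm0`, which replaces the `movzxw`/`vpinsrq` pair, leaves the lane contents identical (the upper qword is already zero after `vmovq`, so bytes 10..15 stay zero either way) and avoids clobbering %rdx — harmless under SysV where %rdx is caller-saved, but _mlkem_decompress_5_avx2 begins above the hunk, so please confirm nothing earlier keeps a live value there. The new sequence touches exactly bytes 150..159, so a caller-supplied 160-byte 5-bit block that ends on a page boundary can no longer fault, whereas the old `vbroadcasti128` read 16 bytes; both versions presumably rely on the shuffle mask in %ymm2 never selecting lane bytes 10..15 (previously filled with out-of-bounds data, now with zeros), which is worth confirming against the mask constant. A comment would stop the next reader from "optimizing" this back to a single 16-byte broadcast, e.g. `/* last 5-bit block: only bytes 150..159 of the 160-byte input exist, so load 8+2 bytes instead of a 16-byte broadcast */`.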