The ML-KEM ARM64 NEON code path performs a constant-time ciphertext comparison that only covers half of the input data. This incomplete comparison breaks the Fujisaki-Okamoto transform's implicit rejection, which is designed to ensure IND-CCA2 security by rejecting manipulated ciphertexts. Because part of the re-encrypted ciphertext is ignored, a decapsulating party may fail to detect tampering and proceed incorrectly, weakening the cryptographic security of the scheme.

The vulnerability weakens the IND-CCA2 security of the affected cryptographic implementation by allowing manipulated ciphertexts to bypass the implicit rejection check. This could potentially lead to cryptographic failures or security degradation in systems relying on this code path. However, no known exploits are reported in the wild, and the impact is limited to the specific ARM64 NEON implementation of ML-KEM.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are currently available. Users should monitor vendor communications for updates and avoid using the affected code path on ARM64 NEON platforms until a fix is released.