From 92b3f6dd67691dd79d760c69525ae0e99271ed52 Mon Sep 17 00:00:00 2001
From: John Schanck
Date: Sun, 24 May 2026 15:10:06 +0200
Subject: [PATCH] Bug 2029782 - fix 8-byte over-read of AES-192 key buffer in x86 builds without USE_HW_AES.
---
 security/nss/lib/freebl/aes-x86.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/nss/lib/freebl/aes-x86.c b/security/nss/lib/freebl/aes-x86.c
index edd0b51251..f72d187f29 100644
--- a/security/nss/lib/freebl/aes-x86.c
+++ b/security/nss/lib/freebl/aes-x86.c
@@ -67,7 +67,7 @@ native_key_expansion192(AESContext *cx, const unsigned char *key)
 pre_align __m128i tmp3 post_align;
 pre_align __m128i carry post_align;
 keySchedule[0] = _mm_loadu_si128((__m128i *)key);
- keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16));
+ keySchedule[1] = _mm_loadl_epi64((__m128i *)(key + 16));
 EXPAND_KEY192(keySchedule[0], keySchedule[1], keySchedule[2], keySchedule[3], carry, 0x1, 0x2);
 EXPAND_KEY192_PART2(keySchedule[4], carry, keySchedule[3]);
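Review bot: The narrowed load at `key + 16` carries no comment saying why it differs from the 16-byte load directly above it, so a later cleanup could easily "normalize" it back and reintroduce the over-read. I would add `/* AES-192 key is 24 bytes: only 8 remain at key + 16, so load the low 64 bits (upper 64 are zeroed). */` above the changed line. The upper half of `keySchedule[1]` now starts as zero rather than as whatever followed the key buffer, and `EXPAND_KEY192` is not visible in this hunk, so it is worth confirming that the macro overwrites those lanes and never consumed the old contents. Both loads also cast a `const unsigned char *` to `(__m128i *)`, dropping the qualifier; `(const __m128i *)` would match the intrinsic's parameter type. The body of `native_key_expansion192` starts and ends outside the hunk.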