-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crossbeam-utils Race Condition vulnerability with manual fix #915
Labels
Comments
This issue is stale because it has been open for 180 days with no activity. |
This issue was closed because it has been inactive for 14 days since being marked as stale. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
crossbeam-utils Race Condition vulnerability ###
Impact The affected version of this crate incorrectly assumed that the alignment of
{i,u}64
was always the same asAtomic{I,U}64
. However, the alignment of{i,u}64
on a 32-bit target can be smaller thanAtomic{I,U}64
. This can cause the following problems: - Unaligned memory accesses - Data race Crates usingfetch_*
methods withAtomicCell<{i,u}64>
are affected by this issue. 32-bit targets withoutAtomic{I,U}64
and 64-bit targets are not affected by this issue. 32-bit targets withAtomic{I,U}64
and{i,u}64
have the same alignment are also not affected by this issue. The following is a complete list of the builtin targets that may be affected.(last update: nightly-2022-02-11) - armv7-apple-ios (tier 3) - armv7s-apple-ios (tier 3) - i386-apple-ios (tier 3) - i586-unknown-linux-gnu - i586-unknown-linux-musl - i686-apple-darwin (tier 3) - i686-linux-android - i686-unknown-freebsd - i686-unknown-haiku (tier 3) - i686-unknown-linux-gnu - i686-unknown-linux-musl - i686-unknown-netbsd (tier 3) - i686-unknown-openbsd (tier 3) - i686-wrs-vxworks (tier 3)
(script to get list) ### Patches This has been fixed in crossbeam-utils 0.8.7. Affected 0.8.x releases have been yanked. ### References crossbeam-rs/crossbeam#781 ### License This advisory is in the public domain.
Impact :
The affected version of this crate incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64.
However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64.
This can cause the following problems:
Unaligned memory accesses
Data race
Crates using fetch_* methods with AtomicCell<{i,u}64> are affected by this issue.
32-bit targets without Atomic{I,U}64 and 64-bit targets are not affected by this issue.
32-bit targets with Atomic{I,U}64 and {i,u}64 have the same alignment are also not affected by this issue.
The following is a complete list of the builtin targets that may be affected. (last update: nightly-2022-02-11)
armv7-apple-ios (tier 3)
armv7s-apple-ios (tier 3)
i386-apple-ios (tier 3)
i586-unknown-linux-gnu
i586-unknown-linux-musl
i686-apple-darwin (tier 3)
i686-linux-android
i686-unknown-freebsd
i686-unknown-haiku (tier 3)
i686-unknown-linux-gnu
i686-unknown-linux-musl
i686-unknown-netbsd (tier 3)
i686-unknown-openbsd (tier 3)
i686-wrs-vxworks (tier 3)
(script to get list)
Patches
This has been fixed in crossbeam-utils 0.8.7.
Affected 0.8.x releases have been yanked.
References
crossbeam-rs/crossbeam#781
License
This advisory is in the public domain.
References
GHSA-qc84-gqf4-9926
https://nvd.nist.gov/vuln/detail/CVE-2022-23639
crossbeam-rs/crossbeam#781
https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
https://rustsec.org/advisories/RUSTSEC-2022-0041.html
The text was updated successfully, but these errors were encountered: