CVE-2022-36086

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-36086

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36086.json

Aliases

Published

2022-09-07T23:15:14Z

Modified

2023-11-29T09:48:08.370727Z

Details

linkedlistallocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of::<usize> because of metadata write operations. This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than 3 * size_of::<usize> and that the Heap::extend method is only called with sizes larger than 2 * size_of::<usize>(). Also, ensure that the total heap size is (and stays) a multiple of 2 * size_of::<usize>().

References

Affected packages

Git / github.com/rust-osdev/linked-list-allocator

Affected ranges

Type: GIT
Repo: https://github.com/rust-osdev/linked-list-allocator
Events: Introduced

0The exact introduced commit is unknown

Fixed

013b0758643943e8df5b17bbb495460ff47e8bbf

Affected versions

linked_list_allocator-0.*

linked_list_allocator-0.2.3

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.10.0

v0.10.1

v0.2.0

v0.2.1

v0.2.2

v0.2.4

v0.2.5

v0.2.6

v0.2.7

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.7.0

v0.8.0

v0.8.1

v0.8.10

v0.8.11

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1