RUSTSEC-2022-0041
- Source
- https://rustsec.org/advisories/RUSTSEC-2022-0041
- Import Source
- https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0041.json
- JSON Data
- https://api.osv.dev/v1/vulns/RUSTSEC-2022-0041
- Aliases
- Published
- 2022-02-05T12:00:00Z
- Modified
- 2023-11-08T04:08:26.111544Z
- Summary
- Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64
- Details
-
Impact
Affected versions of this crate incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64.
However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64.
This can cause the following problems:
- Unaligned memory accesses
- Data race
Crates using fetch_* methods with AtomicCell<{i,u}64> are affected by this issue.
32-bit targets without Atomic{I,U}64 and 64-bit targets are not affected by this issue.
32-bit targets with Atomic{I,U}64 and {i,u}64 have the same alignment are also not affected by this issue.
The following is a complete list of the builtin targets that may be affected. (last update: nightly-2022-02-11)
- armv7-apple-ios (tier 3)
- armv7s-apple-ios (tier 3)
- i386-apple-ios (tier 3)
- i586-unknown-linux-gnu
- i586-unknown-linux-musl
- i686-apple-darwin (tier 3)
- i686-linux-android
- i686-unknown-freebsd
- i686-unknown-haiku (tier 3)
- i686-unknown-linux-gnu
- i686-unknown-linux-musl
- i686-unknown-netbsd (tier 3)
- i686-unknown-openbsd (tier 3)
- i686-wrs-vxworks (tier 3)
Patches
This has been fixed in crossbeam-utils 0.8.7.
Affected 0.8.x releases have been yanked.
Thanks to @taiki-e
- Database specific
{ "license": "CC0-1.0" }- References
Affected packages
crates.io / crossbeam-utils
Package
- Name
- crossbeam-utils
- View open source insights on deps.dev
- Purl
- pkg:cargo/crossbeam-utils