RUSTSEC-2023-0014

Source
https://rustsec.org/advisories/RUSTSEC-2023-0014
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0014.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2023-0014
Aliases
Published
2023-02-13T12:00:00Z
Modified
2023-11-08T04:24:34.246767Z
Summary
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Details

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main (or any other specified entrypoint), violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2 of the cortex-m-rt crate.

This regression can cause certain compiler optimizations (which assume the eight-byte alignment) to produce incorrect behavior at runtime. This incorrect behavior has been observed in real-world applications.

It is advised that ALL users of v0.7.1 and v0.7.2 of the cortex-m-rt crate update to the latest version (v0.7.3), AS SOON AS POSSIBLE. Users of v0.7.0 and prior versions of cortex-m-rt are not affected by this regression.

It will be necessary to rebuild all affected firmware binaries, and flash or deploy the new firmware binaries to affected devices.
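
One way to find firmware projects that still pin an affected release, as an added example that is not part of the advisory or of the cortex-m-rt project: a std-only Rust check that scans `Cargo.lock` text for `cortex-m-rt` entries inside the range listed on this page (introduced 0.7.1-0, fixed 0.7.3). The function names and the sample lockfile are constructed for illustration.

```rust
// Added example: flag cortex-m-rt versions inside the advisory's affected
// range (introduced 0.7.1-0, fixed 0.7.3) found in Cargo.lock text.

/// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into the numeric core plus a
/// flag saying whether a pre-release tag is present.
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let v = v.split('+').next()?; // build metadata does not affect ordering
    let (core, pre) = v.split_once('-').map_or((v, false), |(c, _)| (c, true));
    let mut it = core.split('.').map(|p| p.parse::<u64>());
    let triple = (it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?);
    if it.next().is_some() { return None; }
    Some((triple, pre))
}

/// True when the version lies in [0.7.1-0, 0.7.3) under semver ordering:
/// "0.7.1-0" is the lowest pre-release of 0.7.1, and any pre-release of
/// 0.7.3 sorts before the fixed 0.7.3 release.
fn is_affected(version: &str) -> bool {
    match parse_version(version) {
        Some((core, pre)) => {
            core >= (0, 7, 1) && (core < (0, 7, 3) || (core == (0, 7, 3) && pre))
        }
        None => false,
    }
}

/// Return every affected cortex-m-rt version recorded in the lockfile text.
fn affected_in_lockfile(lock: &str) -> Vec<String> {
    let (mut hits, mut in_target) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if line == "name = \"cortex-m-rt\"" {
            in_target = true; // exact match, so cortex-m-rt-macros is skipped
        } else if in_target {
            if let Some(v) = line.strip_prefix("version = \"").and_then(|r| r.strip_suffix('"')) {
                if is_affected(v) { hits.push(v.to_string()); }
                in_target = false;
            }
        }
    }
    hits
}

// Constructed sample input, not taken from any real project.
const SAMPLE_LOCK: &str = "[[package]]\nname = \"cortex-m-rt\"\nversion = \"0.7.2\"\n";

fn main() {
    for v in affected_in_lockfile(SAMPLE_LOCK) {
        println!("cortex-m-rt {} is affected by RUSTSEC-2023-0014: update to 0.7.3, rebuild, reflash", v);
    }
}
```

A hit means the binary built from that lockfile must be rebuilt against v0.7.3 and redeployed; updating the manifest alone does not change firmware already on devices.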

References

Affected packages

crates.io / cortex-m-rt

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.7.1-0
Fixed
0.7.3

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": []
}