Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
1 parent
474984f
commit 3ee71b8
Showing
1 changed file
with
59 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
```toml | ||
[advisory] | ||
id = "RUSTSEC-0000-0000" | ||
package = "crossbeam-utils" | ||
date = "2022-02-05" | ||
informational = "unsound" | ||
categories = ["memory-corruption"] | ||
url = "https://github.com/crossbeam-rs/crossbeam/pull/781" | ||
aliases = ["GHSA-qc84-gqf4-9926", "CVE-2022-23639"] | ||
|
||
[versions] | ||
patched = [">= 0.8.7"] | ||
``` | ||
|
||
# Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64 | ||
|
||
## Impact | ||
|
||
Affected versions of this crate incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. | ||
|
||
However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64. | ||
|
||
This can cause the following problems: | ||
|
||
- Unaligned memory accesses | ||
- Data race | ||
|
||
Crates using fetch_* methods with AtomicCell<{i,u}64> are affected by this issue. | ||
|
||
32-bit targets without Atomic{I,U}64 and 64-bit targets are not affected by this issue. | ||
|
||
32-bit targets with Atomic{I,U}64 and {i,u}64 have the same alignment are also not affected by this issue. | ||
|
||
The following is a complete list of the builtin targets that may be affected. (last update: nightly-2022-02-11) | ||
|
||
- armv7-apple-ios (tier 3) | ||
- armv7s-apple-ios (tier 3) | ||
- i386-apple-ios (tier 3) | ||
- i586-unknown-linux-gnu | ||
- i586-unknown-linux-musl | ||
- i686-apple-darwin (tier 3) | ||
- i686-linux-android | ||
- i686-unknown-freebsd | ||
- i686-unknown-haiku (tier 3) | ||
- i686-unknown-linux-gnu | ||
- i686-unknown-linux-musl | ||
- i686-unknown-netbsd (tier 3) | ||
- i686-unknown-openbsd (tier 3) | ||
- i686-wrs-vxworks (tier 3) | ||
|
||
([script to get list](https://gist.github.com/taiki-e/3c7891e8c5f5e0cbcb44d7396aabfe10)) | ||
|
||
## Patches | ||
|
||
This has been fixed in crossbeam-utils 0.8.7. | ||
|
||
Affected 0.8.x releases have been yanked. | ||
|
||
Thanks to @taiki-e |