CVE-2021-32810 — Race Condition in Crossbeam
Severity
9.8CRITICALNVD
EPSS
1.1%
top 22.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 2
Latest updateNov 3
Description
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::s…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages7 packages
Also affects: Fedora 34
🔴Vulnerability Details
4OSV▶
CVE-2021-32810: crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust↗2021-08-02
📋Vendor Advisories
7Debian▶
CVE-2021-32810: firefox - crossbeam-deque is a package of work-stealing deques for building task scheduler...↗2021