CVE-2021-38191: Race Condition in Tokio

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.3% (top 43.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 8; Latest update Sep 23

Description

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

NVD: tokio/tokio 0.3.0 1.5.1 +3
crates.io: tokio/tokio 0.3.0 1.5.1 +3

Patches

🔴 Vulnerability Details (3)

GHSA: Race condition in tokio (2021-08-25)
OSV: Race condition in tokio (2021-08-25)
OSV: Task dropped in wrong thread when aborting `LocalSet` task (2021-07-07)

📋 Vendor Advisories (2)

Microsoft: An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread. (2021-08-10)
Debian: CVE-2021-38191: rust-tokio - An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHan... (2021)

📄 Research Papers (1)

arXiv: Security Review of Ethereum Beacon Clients (2021-09-23)