CVE-2022-23639Race Condition in Crossbeam

CWE-362Race Condition7 documents5 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 41.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Crossbeam-rs CrossbeamCrossbeam Project CrossbeamDebian Rust-crossbeam-utils+10 more
Timeline
PublishedFeb 15
Latest updateFeb 16

Description

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell` are affected by this issue. 32-bit tar

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages13 packages

debiandebian/rust-crossbeam-utils< rust-crossbeam-utils 0.8.8-1 (bookworm)
CVEListV5crossbeam-rs/crossbeam< 0.8.7

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
crossbeam-utils Unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}642022-02-16
OSV
crossbeam-utils Unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}642022-02-16
OSV
CVE-2022-23639: crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust2022-02-15
OSV
Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*642022-02-05

📋Vendor Advisories

2
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils2022-02-08
Debian
CVE-2022-23639: rust-crossbeam-utils - crossbeam-utils provides atomics, synchronization primitives, scoped threads, an...2022
CVE-2022-23639 — Race Condition in Crossbeam | cvebase