CVE-2022-23639
Published 2022-02-15
Priority: P341 · high · 8.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.22% (65.0th percentile)
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.
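A check a maintainer could run against this advisory, as an added example (not code from crossbeam or from this page): it scans Cargo.lock text for crossbeam-utils versions below the fixed 0.8.7 and reports whether the current build target has 64-bit atomics with `u64` less strictly aligned than `AtomicU64`. The function names and the sample lockfile are constructed for illustration.

```rust
// Constructed sample lockfile (added example; not taken from a real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "crossbeam-utils"
version = "0.8.5"

[[package]]
name = "crossbeam-utils"
version = "0.8.7"
"#;

/// Parse "major.minor.patch"; a pre-release or build suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// crossbeam-utils versions below 0.8.7 (unparsable ones are reported for manual review).
fn vulnerable_versions(lockfile: &str) -> Vec<String> {
    let (mut hits, mut in_crate) = (Vec::new(), false);
    for line in lockfile.lines().map(str::trim) {
        if line == "[[package]]" {
            in_crate = false;
        } else if line == r#"name = "crossbeam-utils""# {
            in_crate = true;
        } else if in_crate && line.starts_with("version = ") {
            let v = line["version = ".len()..].trim_matches('"');
            if parse_version(v).map_or(true, |p| p < (0, 8, 7)) {
                hits.push(v.to_string());
            }
            in_crate = false;
        }
    }
    hits
}

/// True when the target has 64-bit atomics and `u64` is less aligned than `AtomicU64`.
#[cfg(target_has_atomic = "64")]
fn target_has_alignment_gap() -> bool {
    std::mem::align_of::<u64>() < std::mem::align_of::<std::sync::atomic::AtomicU64>()
}
#[cfg(not(target_has_atomic = "64"))]
fn target_has_alignment_gap() -> bool { false }

fn main() {
    println!("vulnerable crossbeam-utils: {:?}", vulnerable_versions(SAMPLE_LOCK));
    println!("alignment gap on this target: {}", target_has_alignment_gap());
}
```

The alignment check describes only the target it is compiled for, so build it for each 32-bit target you ship rather than for the development host.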
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crossbeam-rs | crossbeam | < 0.8.7 | 0.8.7 |
| crossbeam_project | crossbeam | < 0.8.7 | 0.8.7 |
| debian | rust-crossbeam-utils | < rust-crossbeam-utils 0.8.8-1 (bookworm) | rust-crossbeam-utils 0.8.8-1 (bookworm) |
| msrc | azl3_librsvg2_2.50.3-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_librsvg2_2.58.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_rpm-ostree_2022.1-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_rpm-ostree_2024.4-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_crossbeam_utils-0.8.7_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
CVSS provenance
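| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.1 | HIGH | — |
| vendor_debian | — | 8.1 | HIGH | — |
| vendor_msrc | — | 8.1 | HIGH | — |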
GHSA
crossbeam-utils Unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}64
ghsa·2022-02-16·HIGH·CWE-362
### Impact
The affected versions of this crate incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`.
However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`.
This can cause the following problems:
- Unaligned memory accesses
- Data race
Crates using `fetch_*` methods with `AtomicCell` are affected by this issue.
32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue.
32-bit targets where `Atomic{I,U}64` and `{i,u}64` have the same alignment are also not affected by this issue.
The following is a complete list of the builtin targets that may be affected. (last update: nightly-2022-
OSV
crossbeam-utils Unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}64
osv·2022-02-16
OSV
CVE-2022-23639: crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust
osv·2022-02-15·CVSS 8.1
OSV
Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64
osv·2022-02-05
## Impact
Affected versions of this crate incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`.
However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`.
This can cause the following problems:
- Unaligned memory accesses
- Data race
Crates using `fetch_*` methods with `AtomicCell` are affected by this issue.
32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue.
32-bit targets where `Atomic{I,U}64` and `{i,u}64` have the same alignment are also not affected by this issue.
The following is a complete list of the builtin targets that may be affected. (last update: nightly-2022-02-11)
- armv7-apple-ios (tier 3)
- armv7
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils
vendor_msrc·2022-02-08·CVSS 8.1·HIGH·CWE-362
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Debian
CVE-2022-23639: rust-crossbeam-utils - crossbeam-utils provides atomics, synchronization primitives, scoped threads, an...
vendor_debian·2022·CVSS 8.1
Scope: local
bookworm: resolved (fixed in 0.8.8-1)
bullseye: open
forky: resolved (fixed in 0.8.8-1)
sid: resolved (fixed in 0.8.8-1)
- https://github.com/crossbeam-rs/crossbeam/pull/781
- https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
- https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926