Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-32810

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/cro...
FEDORA: FEDORA-2021-a5161737c3
FEDORA: FEDORA-2021-0f82e9d6d5
FEDORA: FEDORA-2021-2db6c84087
FEDORA: FEDORA-2021-32c9adf002
FEDORA: FEDORA-2021-3cf88e44b4
FEDORA: FEDORA-2021-537541ceae
FEDORA: FEDORA-2021-5e99655cca
FEDORA: FEDORA-2021-60f0e1bb35
FEDORA: FEDORA-2021-67d6c34e5b
FEDORA: FEDORA-2021-9dc0bd0072
FEDORA: FEDORA-2021-af2eb94426
FEDORA: FEDORA-2021-e37a366b00
FEDORA: FEDORA-2021-e5ec6d55bf
FEDORA: FEDORA-2021-79ce3cb64a

Launchpad.net

CVE 2021-32810

Related bugs

References