CVE-2022-23639
HIGHcrossbeam-utils < 0.8.7 - Data Race via Unaligned Memory Access in AtomicCell
Title source: llmDescription
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/crossbeam-rs/crossbeam/pull/781
Patch, Third Party Advisory x_refsource_misc
https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
Scores
CVSS v3
8.1
EPSS
0.0121
EPSS Percentile
64.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-362
Status
published
Products (2)
crates.io/crossbeam-utils
0 - 0.8.7crates.io
crossbeam_project/crossbeam
< 0.8.7
Published
Feb 15, 2022
Tracked Since
Feb 18, 2026