Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2021-0013: Soundness issues in raw-cpuid #164

Closed
github-actions bot opened this issue Jan 25, 2021 · 0 comments
Closed

RUSTSEC-2021-0013: Soundness issues in raw-cpuid #164

github-actions bot opened this issue Jan 25, 2021 · 0 comments

Comments

@github-actions
Copy link
Contributor

Soundness issues in raw-cpuid

Details
Package raw-cpuid
Version 8.1.2
URL rustsec/advisory-db#614
Date 2021-01-20
Patched versions >=9.0.0

Undefined behavior in as_string() methods

VendorInfo::as_string(), SoCVendorBrand::as_string(),
and ExtendedFunctionInfo::processor_brand_string() construct byte slices
using std::slice::from_raw_parts(), with data coming from
#[repr(Rust)] structs. This is always undefined behavior.

See gz/rust-cpuid#40.

This flaw has been fixed in v9.0.0, by making the relevant structs
#[repr(C)].

native_cpuid::cpuid_count() is unsound

native_cpuid::cpuid_count() exposes the unsafe __cpuid_count() intrinsic
from core::arch::x86 or core::arch::x86_64 as a safe function, and uses
it internally, without checking the
safety requirement:

> The CPU the program is currently running on supports the function being
> called.

CPUID is available in most, but not all, x86/x86_64 environments. The crate
compiles only on these architectures, so others are unaffected.

This issue is mitigated by the fact that affected programs are expected
to crash deterministically every time.

See gz/rust-cpuid#41.

The flaw has been fixed in v9.0.0, by intentionally breaking compilation
when targetting SGX or 32-bit x86 without SSE. This covers all affected CPUs.

See advisory page for additional details.
@stlankes stlankes mentioned this issue Feb 1, 2021
Closed
stlankes added a commit to stlankes/kernel that referenced this issue Feb 2, 2021
@stlankes
clearify license text, add workround to use raw-cpuid
55704c6 
The workaround should solve issue hermit-os#164 and
is only necessry until gz/rust-x86#71 is accepted.
@stlankes stlankes mentioned this issue Feb 2, 2021
Merged
bors bot added a commit that referenced this issue Feb 3, 2021
@bors @stlankes
Merge #166
166ef71 
166: clearify license text, add workround to use raw-cpuid r=stlankes a=stlankes

The workaround should solve issue #164 and is only necessry until gz/rust-x86#71 is accepted.

Co-authored-by: Stefan Lankes <[email protected]>
bors bot added a commit that referenced this issue Feb 3, 2021
@bors @stlankes
Merge #166
18cbf90 
166: clearify license text, add workround to use raw-cpuid r=stlankes a=stlankes

The workaround should solve issue #164 and is only necessry until gz/rust-x86#71 is accepted.

Co-authored-by: Stefan Lankes <[email protected]>
@stlankes stlankes closed this as completed Feb 3, 2021
simonschoening pushed a commit to simonschoening/libhermit-rs that referenced this issue Aug 26, 2021
@stlankes
clearify license text, add workround to use raw-cpuid
e3507ab 
The workaround should solve issue hermit-os#164 and
is only necessry until gz/rust-x86#71 is accepted.
simonschoening pushed a commit to simonschoening/libhermit-rs that referenced this issue Aug 26, 2021
@bors @stlankes
Merge hermit-os#166
6f937e2 
166: clearify license text, add workround to use raw-cpuid r=stlankes a=stlankes

The workaround should solve issue hermit-os#164 and is only necessry until gz/rust-x86#71 is accepted.

Co-authored-by: Stefan Lankes <[email protected]>
@mkroening mkroening mentioned this issue Jul 9, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stlankes