GHSA-xw5j-gv2g-mjm2: Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main (or any other specified entrypoint), violating the [stack ABI of AAPCS32], the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2 of the cortex-m-rt crate.
This regression can cause certain compiler optimizations (which assume the eight-byte alignment) to produce incorrect behavior at runtime. This incorrect behavior has been [observed in real-world applications].
It is advised that ALL users of v0.7.1 and v0.7.2 of the cortex-m-rt crate update to the latest version (v0.7.3), AS SOON AS POSSIBLE. Users of v0.7.0 and prior versions of cortex-m-rt are not affected by this regression.
It will be necessary to rebuild all affected firmware binaries, and flash or deploy the new firmware binaries to affected devices.
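The following is an added example, not code from this advisory or from the cortex-m-rt crate. It shows two checks a firmware team can run against the regression described above: a scan of a Cargo.lock for the affected cortex-m-rt versions (so every binary that needs rebuilding can be found), and a runtime assertion that the stack pointer handed to the entrypoint satisfies the eight-byte alignment AAPCS32 requires. The lock-file parser only reads the `name = ` and `version = ` lines of each `[[package]]` table and needs no external crates; the stack-pointer read uses inline assembly that is compiled only for ARM targets, so the file also builds and runs on a host. The Cargo.lock fragment is constructed for the demonstration.

```rust
// Added example (not part of the advisory or the cortex-m-rt crate): a lock-file
// scan for the affected versions plus a runtime AAPCS32 stack-alignment check.

/// Versions of cortex-m-rt named as affected by GHSA-xw5j-gv2g-mjm2.
const AFFECTED: &[&str] = &["0.7.1", "0.7.2"];

/// Return every affected cortex-m-rt version pinned in a Cargo.lock.
/// Cargo.lock is TOML with one `[[package]]` table per crate; each table carries
/// `name = "..."` and `version = "..."` lines, which is all this parser looks at.
pub fn affected_cortex_m_rt_versions(lockfile: &str) -> Vec<String> {
    let mut found = Vec::new();
    let mut in_cortex_m_rt = false;
    for line in lockfile.lines() {
        let line = line.trim();
        if line == "[[package]]" {
            // New table: forget which crate the previous one described.
            in_cortex_m_rt = false;
            continue;
        }
        if let Some(rest) = line.strip_prefix("name = ") {
            in_cortex_m_rt = rest.trim_matches('"') == "cortex-m-rt";
            continue;
        }
        if in_cortex_m_rt {
            if let Some(rest) = line.strip_prefix("version = ") {
                let version = rest.trim_matches('"');
                if AFFECTED.contains(&version) {
                    found.push(version.to_string());
                }
            }
        }
    }
    found
}

/// AAPCS32 requires SP to be eight-byte aligned at every public interface,
/// which includes the call into `main` made by the runtime crate.
pub fn sp_is_aapcs32_aligned(sp: usize) -> bool {
    sp % 8 == 0
}

/// Read the live stack pointer on an ARM build. Wrapped in cfg so the file also
/// compiles and runs on a host machine, where it simply reports `None`.
#[cfg(target_arch = "arm")]
pub fn current_sp() -> Option<usize> {
    let sp: usize;
    // SAFETY: copying SP into a general-purpose register has no side effects.
    unsafe { core::arch::asm!("mov {}, sp", out(reg) sp, options(nomem, nostack)) };
    Some(sp)
}

#[cfg(not(target_arch = "arm"))]
pub fn current_sp() -> Option<usize> {
    None
}

/// Constructed Cargo.lock fragment for the demonstration (not a real project).
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "cortex-m"
version = "0.7.6"

[[package]]
name = "cortex-m-rt"
version = "0.7.2"
dependencies = [
 "cortex-m-rt-macros",
]

[[package]]
name = "cortex-m-rt-macros"
version = "0.7.0"
"#;

fn main() {
    let hits = affected_cortex_m_rt_versions(SAMPLE_LOCK);
    if hits.is_empty() {
        println!("no affected cortex-m-rt version pinned");
    } else {
        println!("affected cortex-m-rt versions pinned: {:?}; rebuild with 0.7.3", hits);
    }
    if let Some(sp) = current_sp() {
        // On a device this belongs at the very top of the entrypoint, before any
        // locals are allocated, to catch the misaligned SP the advisory describes.
        assert!(sp_is_aapcs32_aligned(sp), "SP {:#x} violates AAPCS32 alignment", sp);
    }
}
```

The lock-file scan is deliberately version-exact: a `0.7.3` or `0.7.0` entry produces no hit, matching the advisory's statement that only 0.7.1 and 0.7.2 are affected. The runtime assertion is only a detection aid; the fix remains updating the crate and rebuilding and reflashing every affected binary.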