CVE-2020-13759: Improper Synchronization and Race Condition in vm-memory

August 25, 2021 (updated June 14, 2022)

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl).

References

github.com/advisories/GHSA-mm4m-qg48-f7wc
github.com/rust-vmm/vm-memory
github.com/rust-vmm/vm-memory/issues/93
github.com/rust-vmm/vm-memory/releases/tag/v0.1.1
github.com/rust-vmm/vm-memory/releases/tag/v0.2.1
nvd.nist.gov/vuln/detail/CVE-2020-13759
rustsec.org/advisories/RUSTSEC-2020-0157.html

Detect and mitigate CVE-2020-13759 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →