diff --git a/crates/raw-cpuid/RUSTSEC-0000-0000.md b/crates/raw-cpuid/RUSTSEC-0000-0000.md index 28d14bb..bc09fbb 100644 --- a/crates/raw-cpuid/RUSTSEC-0000-0000.md +++ b/crates/raw-cpuid/RUSTSEC-0000-0000.md @@ -4,16 +4,16 @@ id = "RUSTSEC-0000-0000" package = "raw-cpuid" date = "2021-01-20" url = "https://github.com/RustSec/advisory-db/pull/614" -categories = ["crash", "memory-corruption"] +categories = ["memory-corruption", "denial-of-service"] [versions] -patched = [">= TODO"] +patched = [">= 9.0.0"] [affected] arch = ["x86", "x86_64"] ``` -# Multiple soundness issues in `raw-cpuid` +# Soundness issues in `raw-cpuid` ## Undefined behavior in `as_string()` methods 
@@ -24,36 +24,26 @@ using `std::slice::from_raw_parts()`, with data coming from See https://github.com/gz/rust-cpuid/issues/40. -TODO: The flaw has been corrected by making the relevant structs `#[repr(C)]`. +This flaw has been fixed in v9.0.0, by making the relevant structs +`#[repr(C)]`. -## Combination of `Deserialize` and `as_string()` is unsound - -The `as_string()` methods then proceed to use -`std::str::from_utf8_unchecked()`, which is usually valid, because real vendor -names etc. are specified to be ASCII. However, if the `serialize` feature is -enabled, it is also possible to construct the structs with arbitrary values -using their `serde::Deserialize` implementation, thus causing undefined -behavior in safe code. - -See https://github.com/gz/rust-cpuid/issues/43. - -## `native_cpuid::cpuid_count()` is technically unsound +## `native_cpuid::cpuid_count()` is unsound `native_cpuid::cpuid_count()` exposes the unsafe `__cpuid_count()` intrinsic -from `core::arch::x86` or `core::arch::x86_64` as a safe function, without -checking the -[safety requirement](https://doc.rust-lang.org/core/arch/index.html#overview) +from `core::arch::x86` or `core::arch::x86_64` as a safe function, and uses +it internally, without checking the +[safety requirement](https://doc.rust-lang.org/core/arch/index.html#overview): > The CPU the program is currently running on supports the function being > called. -which is true for most, but not all, x86/x86_64 CPUs. The crate compiles only -on these architectures, so others are unaffected. +CPUID is available in most, but not all, x86/x86_64 environments. The crate +compiles only on these architectures, so others are unaffected. -The function is exposed transitively by the `cpuid!()` macro and used by most -of the crate. - -This flaw is mitigated by the fact that affected programs are expected to crash -deterministically every time. 
+This issue is mitigated by the fact that affected programs are expected +to crash deterministically every time. See https://github.com/gz/rust-cpuid/issues/41. + +The flaw has been fixed in v9.0.0, by intentionally breaking compilation +when targetting SGX or 32-bit x86 without SSE. This covers all affected CPUs.
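Review bot: In the first hunk, `patched = [">= 9.0.0"]` now names a concrete release while `date = "2021-01-20"` and the `url` pointing at advisory-db pull 614 are left unchanged; please confirm the date still reflects the intended disclosure/publication date for the advisory as now worded, and consider whether the `url` should also reference the upstream issues (gz/rust-cpuid#40 and #41) that the body cites, since the PR URL is the only link in the metadata. The category change from `"crash"` to `"denial-of-service"` matches the body text, which still says affected programs "crash deterministically every time", so that part reads consistently.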
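Review bot: The second hunk deletes the whole "Combination of `Deserialize` and `as_string()` is unsound" section (gz/rust-cpuid#43) without the advisory saying what happened to it; if it was fixed in v9.0.0 alongside the `#[repr(C)]` change, add a "fixed in" sentence like the other two sections, and if it was judged not to be a soundness issue, a one-line note saying so would stop readers of the issue tracker from assuming the advisory is incomplete. On the fix description, the quoted safety requirement is about "The CPU the program is currently running on", whereas the stated fix is a compile-time break for SGX and 32-bit x86 without SSE; the sentence "This covers all affected CPUs." would be stronger with a brief justification of why target-level gating is sufficient for a runtime property. Minor: "targetting" should read "targeting".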