Add CVE-2022-36086 for linked_list_allocator (#1448)

crates/linked_list_allocator/RUSTSEC-0000-0000.md

@@ -0,0 +1,22 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "linked_list_allocator"
+date = "2022-09-07"
+url = "https://github.com/advisories/GHSA-xg8p-34w2-j49j"
+categories = ["memory-corruption"]
+aliases = ["CVE-2022-36086"]
+cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+
+[versions]
+patched = [">= 0.10.2"]
+unaffected = []
+```
+
+# Multiple vulnerabilities resulting in out-of-bounds writes
+
+* The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to **out-of-bound writes** when a heap was initialized with a size smaller than `3 * size_of::<usize>` because of metadata write operations.
+* When calling `Heap::extend` with a size smaller than two `usize`s (e.g., 16 on `x86_64`), the size was erroneously rounded up to the minimum size, which could result in an **out-of-bounds write**.
+* Calling `Heap::extend` on an empty heap tried to construct a heap starting at address 0, which is also an **out-of-bounds write**.
+  * One specific way to trigger this accidentally is to call `Heap::new` (or a similar constructor) with a heap size that is smaller than two `usize`s. This was treated as an empty heap as well.
+* Calling `Heap::extend` on a heap whose size is not a multiple of the size of two `usize`s resulted in unaligned writes. It also left the heap in an unexpected state, which might lead to subsequent issues. We did not find a way to exploit this undefined behavior yet (apart from DoS on platforms that fault on unaligned writes).