Vulnerability CVE-2021-32810

Vulnerability Name:

CVE-2021-32810 (CCN-206600)

Assigned:

2021-08-02

Published:

2021-08-02

Updated:

2021-09-21

Summary:

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-362
CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-32810

Source: XF
Type: UNKNOWN
crossbeam-cve202132810-code-exec(206600)

Source: CCN
Type: crossbeam-deque GIT Repository
Data race in crossbeam-deque

Source: CONFIRM
Type: Third Party Advisory
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-60f0e1bb35

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-e37a366b00

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-e5ec6d55bf

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-32c9adf002

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-a5161737c3

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-537541ceae

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-0f82e9d6d5

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2db6c84087

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-79ce3cb64a

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-af2eb94426

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-5e99655cca

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-67d6c34e5b

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-3cf88e44b4

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-9dc0bd0072

Vulnerable Configuration:

Configuration 1:

cpe:/a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:* (Version < 0.7.4)

OR cpe:/a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:* (Version >= 0.8.0 and < 0.8.1)

Configuration 2:

cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7868	P	MozillaFirefox-102.11.0-150200.152.87.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51971	P	Security update for libtpms (Moderate)	2022-12-13
oval:org.opensuse.security:def:95400	P	Security update for dovecot23 (Important)	2022-07-20
oval:org.opensuse.security:def:3546	P	libICE6-1.0.8-12.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3252	P	libsmi-0.4.8-18.55 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94882	P	MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94806	P	python3-py-1.8.1-5.6.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95176	P	MozillaThunderbird-91.8.0-150200.8.65.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:100056	P	(Important)	2022-03-30
oval:org.opensuse.security:def:6202	P	Security update for bind (Important)	2022-03-21
oval:org.opensuse.security:def:6193	P	Security update for MozillaFirefox (Important)	2022-03-14
oval:org.opensuse.security:def:99745	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:111900	P	MozillaFirefox-93.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:111906	P	MozillaThunderbird-91.2.0-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:111187	P	Security update for MozillaThunderbird (Important)	2021-12-29
oval:org.opensuse.security:def:70847	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:102344	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:67365	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:76433	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:10670	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:96332	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:111845	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:109670	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:10707	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:103004	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:119810	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:1792	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:6276	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:70810	P	Security update for MozillaThunderbird (Important)	2021-12-22
oval:org.opensuse.security:def:99152	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:39960	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:111089	P	Security update for MozillaFirefox (Important)	2021-10-18
oval:org.opensuse.security:def:41166	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:43099	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:44390	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:38669	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:45596	P	Security update for MozillaFirefox, rust-cbindgen (Important)	2021-10-18
oval:org.opensuse.security:def:74383	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:111749	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:4161	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:117699	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:1039	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:4226	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:65250	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:74318	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:101730	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:67291	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:76359	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:108185	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:101519	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:65315	P	Security update for MozillaFirefox (Important)	2021-10-16
oval:org.opensuse.security:def:59810	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:88205	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:33023	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:55960	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:83464	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:126783	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:26147	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:58024	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:86157	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:31285	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:51675	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:60387	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:88522	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:33729	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:56080	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:84222	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:127180	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:29435	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:58846	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:86665	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:31693	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:82642	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:23687	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:89207	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:33987	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:57108	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:84681	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:30137	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:59552	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:87487	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:32201	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:55258	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:83344	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:125616	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:23983	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:89465	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:34564	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:57516	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:85749	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:30257	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:5134	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:com.redhat.rhsa:def:20213838	P	RHSA-2021:3838: thunderbird security update (Important)	2021-10-13
oval:com.redhat.rhsa:def:20213841	P	RHSA-2021:3841: thunderbird security update (Important)	2021-10-13
oval:com.redhat.rhsa:def:20213791	P	RHSA-2021:3791: firefox security update (Important)	2021-10-12
oval:org.opensuse.security:def:106236	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9597	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:99546	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:com.redhat.rhsa:def:20213755	P	RHSA-2021:3755: firefox security update (Important)	2021-10-11
oval:org.opensuse.security:def:92596	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:108779	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:70300	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:102113	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:105647	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:8846	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:66941	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:98957	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:76009	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92007	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:106435	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9796	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:69546	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92795	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:70487	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:105842	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9041	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:67282	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:76350	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92202	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:106722	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:10160	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:69737	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:106037	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:9406	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:99347	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:111740	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:5852	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:92397	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:10347	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:69936	P	Security update for MozillaFirefox (Important)	2021-10-11
oval:org.opensuse.security:def:8659	P	Security update for MozillaFirefox (Important)	2021-10-11

BACK