Vulnerability Name:

CVE-2021-32810 (CCN-206600)

Assigned:2021-08-02
Published:2021-08-02
Updated:2021-09-21
Summary:crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-362
CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-32810

Source: XF
Type: UNKNOWN
crossbeam-cve202132810-code-exec(206600)

Source: CCN
Type: crossbeam-deque GIT Repository
Data race in crossbeam-deque

Source: CONFIRM
Type: Third Party Advisory
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-60f0e1bb35

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-e37a366b00

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-e5ec6d55bf

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-32c9adf002

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-a5161737c3

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-537541ceae

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-0f82e9d6d5

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2db6c84087

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-79ce3cb64a

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-af2eb94426

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-5e99655cca

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-67d6c34e5b

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-3cf88e44b4

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-9dc0bd0072

Vulnerable Configuration:Configuration 1:
  • cpe:/a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:* (Version < 0.7.4)
  • OR cpe:/a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:* (Version >= 0.8.0 and < 0.8.1)

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7868
    P
    MozillaFirefox-102.11.0-150200.152.87.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:51971
    P
    Security update for libtpms (Moderate)
    2022-12-13
    oval:org.opensuse.security:def:95400
    P
    Security update for dovecot23 (Important)
    2022-07-20
    oval:org.opensuse.security:def:3546
    P
    libICE6-1.0.8-12.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3252
    P
    libsmi-0.4.8-18.55 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94882
    P
    MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94806
    P
    python3-py-1.8.1-5.6.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95176
    P
    MozillaThunderbird-91.8.0-150200.8.65.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:100056
    P
    (Important)
    2022-03-30
    oval:org.opensuse.security:def:6202
    P
    Security update for bind (Important)
    2022-03-21
    oval:org.opensuse.security:def:6193
    P
    Security update for MozillaFirefox (Important)
    2022-03-14
    oval:org.opensuse.security:def:99745
    P
    (Moderate)
    2022-02-04
    oval:org.opensuse.security:def:111900
    P
    MozillaFirefox-93.0-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:111906
    P
    MozillaThunderbird-91.2.0-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:111187
    P
    Security update for MozillaThunderbird (Important)
    2021-12-29
    oval:org.opensuse.security:def:70847
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:102344
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:67365
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:76433
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:10670
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:96332
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:111845
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:109670
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:10707
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:103004
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:119810
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:1792
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:6276
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:70810
    P
    Security update for MozillaThunderbird (Important)
    2021-12-22
    oval:org.opensuse.security:def:99152
    P
    (Moderate)
    2021-10-20
    oval:org.opensuse.security:def:39960
    P
    Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:111089
    P
    Security update for MozillaFirefox (Important)
    2021-10-18
    oval:org.opensuse.security:def:41166
    P
    Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:43099
    P
    Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:44390
    P
    Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:38669
    P
    Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:45596
    P
    Security update for MozillaFirefox, rust-cbindgen (Important)
    2021-10-18
    oval:org.opensuse.security:def:74383
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:111749
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:4161
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:117699
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:1039
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:4226
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:65250
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:74318
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:101730
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:67291
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:76359
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:108185
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:101519
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:65315
    P
    Security update for MozillaFirefox (Important)
    2021-10-16
    oval:org.opensuse.security:def:59810
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:88205
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:33023
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:55960
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:83464
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:126783
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:26147
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:58024
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:86157
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:31285
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:51675
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:60387
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:88522
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:33729
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:56080
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:84222
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:127180
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:29435
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:58846
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:86665
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:31693
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:82642
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:23687
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:89207
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:33987
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:57108
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:84681
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:30137
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:59552
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:87487
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:32201
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:55258
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:83344
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:125616
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:23983
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:89465
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:34564
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:57516
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:85749
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:30257
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:5134
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:com.redhat.rhsa:def:20213838
    P
    RHSA-2021:3838: thunderbird security update (Important)
    2021-10-13
    oval:com.redhat.rhsa:def:20213841
    P
    RHSA-2021:3841: thunderbird security update (Important)
    2021-10-13
    oval:com.redhat.rhsa:def:20213791
    P
    RHSA-2021:3791: firefox security update (Important)
    2021-10-12
    oval:org.opensuse.security:def:106236
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:9597
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:99546
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:com.redhat.rhsa:def:20213755
    P
    RHSA-2021:3755: firefox security update (Important)
    2021-10-11
    oval:org.opensuse.security:def:92596
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:108779
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:70300
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:102113
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:105647
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:8846
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:66941
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:98957
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:76009
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:92007
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:106435
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:9796
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:69546
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:92795
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:70487
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:105842
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:9041
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:67282
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:76350
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:92202
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:106722
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:10160
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:69737
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:106037
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:9406
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:99347
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:111740
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:5852
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:92397
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:10347
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:69936
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    oval:org.opensuse.security:def:8659
    P
    Security update for MozillaFirefox (Important)
    2021-10-11
    BACK
    crossbeam_project crossbeam *
    crossbeam_project crossbeam *
    fedoraproject fedora 34