Security Advisories: GSA_kwCzR0hTQS0zcXg4LXJ2MjctajZncM4ABCrU
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
An issue was identified in the `VmFd::create_device` function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules.
The function downcast a mutable reference to its `struct kvm_create_device` argument to an immutable pointer, and then proceeded to pass this pointer to a mutating system call. Rustc 1.82.0 and newer elides subsequent reads of this structure's fields, meaning code will not see the value written by the kernel into the `fd` member. Instead, the code will observe the value that this field was initialized to prior to calling `VmFd::create_device` (usually, 0).
The issue started in kvm-ioctls 0.1.0 and was fixed in 0.19.1 by correctly using a mutable pointer.
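The pattern described above, reduced to a self-contained Rust sketch (an added example, not code from kvm-ioctls or the advisory). `CreateDevice`, `mock_ioctl` and both `create_device_*` functions are constructed stand-ins; `mock_ioctl` plays the part of the kernel writing `fd`, and 42 is a made-up descriptor value.

```rust
use std::os::raw::c_void;

/// Constructed stand-in for the kernel's `struct kvm_create_device`.
#[repr(C)]
#[derive(Default)]
pub struct CreateDevice {
    pub type_: u32,
    pub fd: u32, // written by the "kernel" on success
    pub flags: u32,
}

/// Hypothetical stand-in for the mutating system call: it stores the new
/// device fd into the caller's struct, as the advisory says the kernel does.
unsafe fn mock_ioctl(arg: *mut c_void) -> i32 {
    unsafe { (*(arg as *mut CreateDevice)).fd = 42 };
    0
}

/// "Before" pattern from the advisory, kept only for contrast and never called.
/// The pointer is derived from a shared reborrow, so it carries read-only
/// permission. Writing through it is undefined behaviour, and the compiler may
/// assume `dev.fd` still holds its pre-call value.
#[allow(dead_code)]
pub fn create_device_before(dev: &mut CreateDevice) -> u32 {
    let p: *const CreateDevice = &*dev;
    unsafe { mock_ioctl(p as *mut c_void) };
    dev.fd
}

/// Fixed pattern: the pointer is derived from a mutable reborrow, so the
/// write is permitted and the read of `dev.fd` afterwards must observe it.
pub fn create_device_fixed(dev: &mut CreateDevice) -> u32 {
    let p: *mut CreateDevice = &mut *dev;
    unsafe { mock_ioctl(p as *mut c_void) };
    dev.fd
}

fn main() {
    let mut dev = CreateDevice::default();
    println!("fd after fixed call: {}", create_device_fixed(&mut dev));
}
```

When auditing other FFI wrappers for the same defect, the signal is a `&mut T` parameter that reaches a kernel or C call through a `&T` or `*const T` intermediate.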
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcXg4LXJ2MjctajZncM4ABCrU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 4 days ago
Updated: 4 days ago
Identifiers: GHSA-3qx8-rv27-j6gp
References:
- https://github.com/rust-vmm/kvm/pull/298
- https://rustsec.org/advisories/RUSTSEC-2024-0428.html
- https://github.com/advisories/GHSA-3qx8-rv27-j6gp
Blast Radius: 0.0
Affected Packages
cargo:kvm-ioctls
Dependent packages: 9
Dependent repositories: 119
Downloads: 2,173,015 total
Affected Version Ranges: < 0.19.1
Fixed in: 0.19.1
All affected versions: 0.0.1, 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.19.0
All unaffected versions: 0.19.1