Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main (or any other specified entrypoint), violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2 of the cortex-m-rt crate.

This regression can cause certain compiler optimizations (which assume the eight-byte alignment) to produce incorrect behavior at runtime. This incorrect behavior has been observed in real-world applications.

It is advised that ALL users of v0.7.1 and v0.7.2 of the cortex-m-rt crate update to the latest version (v0.7.3), AS SOON AS POSSIBLE. Users of v0.7.0 and prior versions of cortex-m-rt are not affected by this regression.

It will be necessary to rebuild all affected firmware binaries, and flash or deploy the new firmware binaries to affected devices.
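A lock-file check for the versions named in this advisory, as an added example (not code from the advisory or from the cortex-m-rt project). It assumes the standard `Cargo.lock` `[[package]]` layout; the sample lockfile and the names `Verdict`, `classify` and `audit_lockfile` are constructed for illustration, and 0.7.0 gets its own verdict because the advisory text calls it unaffected while the affected range listed on this page includes it.

```rust
/// Verdict for a locked cortex-m-rt version, per the advisory on this page.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Affected,    // 0.7.1, 0.7.2: named in the advisory text
    RangeOnly,   // 0.7.0: in the listed range, but the text says not affected
    NotAffected, // everything else, including the fixed 0.7.3
}

pub fn classify(version: &str) -> Verdict {
    match version {
        "0.7.1" | "0.7.2" => Verdict::Affected,
        "0.7.0" => Verdict::RangeOnly,
        _ => Verdict::NotAffected,
    }
}

/// Extract the quoted value from a `key = "value"` line of Cargo.lock.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Return (version, verdict) for every cortex-m-rt entry in a Cargo.lock.
pub fn audit_lockfile(lock: &str) -> Vec<(String, Verdict)> {
    let mut found = Vec::new();
    let mut name = "";
    for line in lock.lines() {
        if line.trim() == "[[package]]" {
            name = ""; // new package table: forget the previous name
        } else if let Some(n) = value_of(line, "name") {
            name = n;
        } else if let Some(v) = value_of(line, "version") {
            if name == "cortex-m-rt" {
                found.push((v.to_string(), classify(v)));
            }
        }
    }
    found
}

// Constructed sample lockfile, not taken from the page.
pub const SAMPLE_LOCK: &str = "version = 3\n\n[[package]]\nname = \"cortex-m-rt\"\n\
version = \"0.7.1\"\n\n[[package]]\nname = \"cortex-m-rt-macros\"\nversion = \"0.7.0\"\n";

fn main() {
    for (v, verdict) in audit_lockfile(SAMPLE_LOCK) {
        println!("cortex-m-rt {v}: {verdict:?}");
    }
}
```

Pass the contents of each firmware project's `Cargo.lock` to `audit_lockfile`; an `Affected` result means that project needs the update to 0.7.3 followed by a rebuild and reflash.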

Permalink: https://github.com/advisories/GHSA-xw5j-gv2g-mjm2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dzVqLWd2MmctbWptMs4AAxo-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago


Identifiers: GHSA-xw5j-gv2g-mjm2
References: Repository: https://github.com/rust-embedded/cortex-m
Blast Radius: 0.0

Affected Packages

cargo:cortex-m-rt
Dependent packages: 919
Dependent repositories: 1,432
Downloads: 2,239,787 total
Affected Version Ranges: >= 0.7.0, < 0.7.3
Fixed in: 0.7.3
All affected versions: 0.7.0, 0.7.1, 0.7.2
All unaffected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.3.12, 0.3.13, 0.3.14, 0.3.15, 0.3.16, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.6.13, 0.6.14, 0.6.15, 0.7.3, 0.7.4