CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

async-mutex (>=1.0.1 <=1.4.1), blocking-permit (>=0.1.0 <=1.2.1) +18 more potentially affected by CVE-2020-35915 via futures-intrusive (>=0.2.2 <=0.3.1)

futures-intrusive CARGO version =0.2.2, =1.0.1, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.2.0, =0.10.0, =0.3.6, =0.3.7 - raii-counter-futures =0.1.0 - stm32f1xx-futures =0.1.0 - switchyard =0.1.0 and more Source cves: CVE-2020-35915 Source advisory: OSV:GHSA-4HJG-CX88-G9F9...

CVE-2020-35915

CVE-2020-35915 affects the Rust futures-intrusive crate prior to 0.4.0. The issue is that GenericMutexGuard can allow cross-thread data races on non-Sync types due to how the guard tracks access to the locked data, potentially enabling unsafe concurrent access. The vulnerability is documented by ...

async-mutex (>=1.0.1 <=1.4.1), blocking-permit (>=0.1.0 <=1.2.1) +18 more potentially affected by CVE-2020-35915 via futures-intrusive (>=0.2.2 <=0.3.1)

futures-intrusive CARGO version =0.2.2, =1.0.1, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.2.0, =0.10.0, =0.3.6, =0.3.7 - raii-counter-futures =0.1.0 - stm32f1xx-futures =0.1.0 - switchyard =0.1.0 and more Source cves: CVE-2020-35915 Source advisory: OSV:RUSTSEC-2020-0072...