This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate sparkle_os

Dependencies

(11 total, 7 outdated, 3 possibly insecure)

Crate                      Required   Latest    Status
rlibc                      ^1.0.0     1.0.0     up to date
volatile                   ^0.2.6     0.5.2     out of date
spin ⚠️                    ^0.5.0     0.9.8     out of date
x86_64                     ^0.7.4     0.15.1    out of date
multiboot2                 ^0.8.1     0.19.0    out of date
bitflags                   ^1.1.0     2.5.0     out of date
linked_list_allocator ⚠️   ^0.6.4     0.10.5    out of date
raw-cpuid ⚠️               ^6.1.0     11.0.1    out of date
bit_field                  ^0.10.0    0.10.2    up to date
log                        ^0.4.8     0.4.21    up to date
lazy_static                ^1.3.0     1.4.0     up to date

Crate once

No external dependencies! 🙌

Security Vulnerabilities

spin: Wrong memory orderings in RwLock potentially violates mutual exclusion

RUSTSEC-2019-0013

Wrong memory orderings inside the RwLock implementation allow for two writers to acquire the lock at the same time. The drop implementation used Ordering::Relaxed, which allows the compiler or CPU to reorder a mutable access on the locked data after the lock has been yielded.

Only users of the RwLock implementation are affected. Users of Once (including users of lazy_static with the spin_no_std feature enabled) are NOT affected.

On strongly ordered CPU architectures like x86, the only real way that this would lead to a memory corruption is if the compiler reorders an access after the lock is yielded, which is possible but in practice unlikely. It is a more serious issue on weakly ordered architectures such as ARM which, except in the presence of certain instructions, allow the hardware to decide which accesses are seen at what times. Therefore on an ARM system it is likely that using the wrong memory ordering would result in a memory corruption, even if the compiler itself doesn't reorder the memory accesses in a buggy way.

The flaw was corrected by https://github.com/mvdnes/spin-rs/pull/66.
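The ordering requirement described in this advisory, shown as an added example that is not spin's code or part of the original page: a minimal writer-only spin lock that acquires with Ordering::Acquire and releases with Ordering::Release in Drop. The names WriteLock, WriteGuard and hammer are hypothetical, and the workload is constructed.

```rust
use std::cell::UnsafeCell;
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;

// Hypothetical minimal writer lock (illustration only, not spin's implementation).
pub struct WriteLock<T> { locked: AtomicBool, data: UnsafeCell<T> }
// SAFETY: all access to `data` goes through a guard that holds `locked`.
unsafe impl<T: Send> Sync for WriteLock<T> {}
pub struct WriteGuard<'a, T>(&'a WriteLock<T>);

impl<T> WriteLock<T> {
    pub fn new(value: T) -> Self {
        WriteLock { locked: AtomicBool::new(false), data: UnsafeCell::new(value) }
    }
    pub fn write(&self) -> WriteGuard<'_, T> {
        // Acquire: accesses made under the lock cannot be moved before this point.
        while self.locked
            .compare_exchange_weak(false, true, Ordering::Acquire, Ordering::Relaxed)
            .is_err()
        {
            std::hint::spin_loop();
        }
        WriteGuard(self)
    }
}

impl<T> WriteGuard<'_, T> {
    pub fn get_mut(&mut self) -> &mut T {
        // SAFETY: holding the guard means holding the lock exclusively.
        unsafe { &mut *self.0.data.get() }
    }
}

impl<T> Drop for WriteGuard<'_, T> {
    fn drop(&mut self) {
        // Release: writes made under the lock are published before the unlock.
        // Ordering::Relaxed here would let them be reordered after it.
        self.0.locked.store(false, Ordering::Release);
    }
}

// Constructed workload: several writers increment one shared counter.
pub fn hammer(threads: usize, iters: usize) -> usize {
    let lock = Arc::new(WriteLock::new(0usize));
    let handles: Vec<_> = (0..threads).map(|_| {
        let lock = Arc::clone(&lock);
        std::thread::spawn(move || for _ in 0..iters { *lock.write().get_mut() += 1; })
    }).collect();
    for h in handles { h.join().unwrap(); }
    let total = *lock.write().get_mut();
    total
}
fn main() { assert_eq!(hammer(4, 5_000), 20_000); }
```

A passing run on x86 does not validate the orderings: as the advisory notes, the misordering mainly manifests on weakly ordered architectures such as ARM.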

raw-cpuid: Soundness issues in `raw-cpuid`

RUSTSEC-2021-0013

Undefined behavior in as_string() methods

VendorInfo::as_string(), SoCVendorBrand::as_string(), and ExtendedFunctionInfo::processor_brand_string() construct byte slices using std::slice::from_raw_parts(), with data coming from #[repr(Rust)] structs. This is always undefined behavior.

See https://github.com/gz/rust-cpuid/issues/40.

This flaw has been fixed in v9.0.0, by making the relevant structs #[repr(C)].

native_cpuid::cpuid_count() is unsound

native_cpuid::cpuid_count() exposes the unsafe __cpuid_count() intrinsic from core::arch::x86 or core::arch::x86_64 as a safe function, and uses it internally, without checking the safety requirement:

The CPU the program is currently running on supports the function being called.

CPUID is available in most, but not all, x86/x86_64 environments. The crate compiles only on these architectures, so others are unaffected.

This issue is mitigated by the fact that affected programs are expected to crash deterministically every time.

See https://github.com/gz/rust-cpuid/issues/41.

The flaw has been fixed in v9.0.0, by intentionally breaking compilation when targeting SGX or 32-bit x86 without SSE. This covers all affected CPUs.

raw-cpuid: Optional `Deserialize` implementations lacking validation

RUSTSEC-2021-0089

When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to:

  • Undefined behavior in as_string() methods (which use std::str::from_utf8_unchecked() internally).
  • Panics due to failed assertions.

See https://github.com/gz/rust-cpuid/issues/43.

linked_list_allocator: Multiple vulnerabilities resulting in out-of-bounds writes

RUSTSEC-2022-0063

  • The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bounds writes when a heap was initialized with a size smaller than 3 * size_of::<usize> because of metadata write operations.
  • When calling Heap::extend with a size smaller than two usizes (e.g., 16 on x86_64), the size was erroneously rounded up to the minimum size, which could result in an out-of-bounds write.
  • Calling Heap::extend on an empty heap tried to construct a heap starting at address 0, which is also an out-of-bounds write.
    • One specific way to trigger this accidentally is to call Heap::new (or a similar constructor) with a heap size that is smaller than two usizes. This was treated as an empty heap as well.
  • Calling Heap::extend on a heap whose size is not a multiple of the size of two usizes resulted in unaligned writes. It also left the heap in an unexpected state, which might lead to subsequent issues. We did not find a way to exploit this undefined behavior yet (apart from DoS on platforms that fault on unaligned writes).