SB2022012101 - Race condition in Rust
Published: January 21, 2022 Updated: January 23, 2022
Security Bulletin ID
SB2022012101
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Race condition (CVE-ID: CVE-2022-21658)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a race condition in std::fs::remove_dir_all. A remote attacker can exploit the race, escalate privileges and delete arbitrary files on the system.
Remediation
Install update from vendor's website.
References
- https://github.com/rust-lang/rust/pull/93110
- https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946
- https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf
- https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
- https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714
- https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2