Bug 1150129 - (CVE-2019-16137) VUL-1: CVE-2019-16137: rust-spin: improper memory handling violates mutual exclusion
(CVE-2019-16137)
VUL-1: CVE-2019-16137: rust-spin: improper memory handling violates mutual ex...
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P4 - Low : Normal (vote)
: Current
Assigned To: Sasi Olin
Security Team bot
https://smash.suse.de/issue/242054/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-09-10 09:28 UTC by Alexandros Toptsoglou
Modified: 2019-09-11 22:12 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2019-09-10 09:28:31 UTC
CVE-2019-16137

An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is
used. Because memory ordering is mishandled, two writers can acquire the lock at
the same time, violating mutual exclusion.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16137
https://rustsec.org/advisories/RUSTSEC-2019-0013.html