CVE-2022-36086 Information
Description
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 * size_of::<usize> because of metadata write operations. This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Version 0.10.2 contains a patch for the issue. As a workaround, ensure that the heap is only initialized with a size larger than 3 * size_of::<usize> and that the Heap::extend method is only called with sizes larger than 2 * size_of::<usize>(). Also ensure that the total heap size is (and stays) a multiple of 2 * size_of::<usize>().
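The workaround's three size rules can be enforced in one place before any size reaches the allocator. The following is an added example, not code from the linked_list_allocator project or the advisory: HeapSizeGuard, SizeError, for_init and for_extend are hypothetical names, and the guard only vets sizes; the caller still makes the actual Heap::init or Heap::extend call after a size is accepted.

```rust
use std::mem::size_of;

const WORD: usize = size_of::<usize>(); // unit the advisory's limits are stated in

#[derive(Debug, PartialEq)]
pub enum SizeError { InitTooSmall, ExtendTooSmall, NotMultiple, Overflow }

/// Hypothetical helper (not part of the crate): tracks the total heap size
/// and vets every size before it is passed to an init or extend method.
#[derive(Debug)]
pub struct HeapSizeGuard { total: usize }

impl HeapSizeGuard {
    /// Vet a size meant for Heap::new, Heap::init, Heap::init_from_slice or LockedHeap::new.
    pub fn for_init(size: usize) -> Result<Self, SizeError> {
        if size <= 3 * WORD {
            return Err(SizeError::InitTooSmall); // must be larger than 3 words
        }
        if size % (2 * WORD) != 0 {
            return Err(SizeError::NotMultiple); // total must be a multiple of 2 words
        }
        Ok(Self { total: size })
    }

    /// Vet a size meant for Heap::extend; the tracked total changes only on success.
    pub fn for_extend(&mut self, by: usize) -> Result<usize, SizeError> {
        if by <= 2 * WORD {
            return Err(SizeError::ExtendTooSmall); // must be larger than 2 words
        }
        // checked_add keeps a wrapped sum from passing the multiple-of check
        let new_total = self.total.checked_add(by).ok_or(SizeError::Overflow)?;
        if new_total % (2 * WORD) != 0 {
            return Err(SizeError::NotMultiple); // total must stay a multiple of 2 words
        }
        self.total = new_total;
        Ok(new_total)
    }

    pub fn total(&self) -> usize { self.total }
}

fn main() {
    // 4096 is a constructed sample size
    let mut guard = HeapSizeGuard::for_init(4096).expect("init size rejected");
    println!("{:?}", guard.for_extend(WORD)); // one word is too small and is rejected
    println!("total = {}", guard.total());
}
```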
Reference
https://github.com/rust-osdev/linked-list-allocator/security/advisories/GHSA-xg8p-34w2-j49j
https://github.com/rust-osdev/linked-list-allocator/commit/013b0758643943e8df5b17bbb495460ff47e8bbf