Impact
An issue was discovered in the default implementations of the VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref} trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice function returns a VolatileSlice whose length is less than the function’s count argument. No implementations of get_slice provided in vm_memory are affected. Users of custom VolatileMemory implementations may be impacted if the custom implementation does not adhere to get_slice's documentation.
Patches
The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the VolatileSlice returned by get_slice is of the correct length.
Workarounds
Not Required
References
rust-vmm/vm-memory@aff1dd4
https://crates.io/crates/vm-memory/0.12.2
References
Manishearth Reporter
Impact
An issue was discovered in the default implementations of the
VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}trait functions, which allows out-of-bounds memory access if theVolatileMemory::get_slicefunction returns aVolatileSlicewhose length is less than the function’scountargument. No implementations ofget_sliceprovided invm_memoryare affected. Users of customVolatileMemoryimplementations may be impacted if the custom implementation does not adhere toget_slice's documentation.Patches
The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the
VolatileSlicereturned byget_sliceis of the correct length.Workarounds
Not Required
References
rust-vmm/vm-memory@aff1dd4
https://crates.io/crates/vm-memory/0.12.2
References