Taiki-E

**Name of the Vulnerable Software and Affected Versions** crossbeam-utils versions prior to 0.8.7 **Description** The issue is related to the alignment of `{i,u}64` and `Atomic{I,U}64` in crossbeam-utils, which can cause unaligned memory accesses and data race on 32-bit targets. Crates using `fetch *` methods with `AtomicCell<{i,u}64>` are affected. The estimated number of potentially affected devices is not provided. There are no known real-world incidents where this issue was exploited. Technical details about exploitation include: - The alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. - `fetch *` methods with `AtomicCell<{i,u}64>` are affected. - 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected. **Recommendations** For crossbeam-utils versions prior to 0.8.7, update to version 0.8.7 to resolve the issue. As a temporary workaround, consider avoiding the use of `fetch *` methods with `AtomicCell<{i,u}64>` until a patch is available. Restrict access to crates using `fetch *` methods with `AtomicCell<{i,u}64>` to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: crossbeam-channel versions prior to 0.4.4 Description: The issue is related to the `bounded` channel in the crossbeam-channel library, which incorrectly assumes that `Vec::from iter` allocates capacity equal to the number of iterator elements. However, `Vec::from iter` may allocate extra memory, leading to unsound deallocation with incorrect capacity when reconstructing `Vec` from a raw pointer. This can cause issues with memory management. Recommendations: For versions prior to 0.4.4, upgrade to crossbeam-channel 0.4.4 to fix the issue. As a temporary workaround, consider avoiding the use of the `bounded` channel until the upgrade is possible.