PT-2020-17544 · Rust+1 · Lock Api+1

Published: 2020-11-08 · Updated: 2021-08-25 · CVE-2020-35912

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

lock_api versions prior to 0.4.2

Description

An issue in the lock_api crate for Rust can cause a data race due to unsoundness in certain guard objects: MappedMutexGuard, MappedRwLockReadGuard, MappedRwLockWriteGuard, RwLockReadGuard, and RwLockWriteGuard. The unsoundness allows data races, in safe Rust code, through types that are not safe to send across thread boundaries.

Recommendations

Update lock_api to version 0.4.2 or later to resolve the issue. As a temporary workaround for versions prior to 0.4.2, consider restricting the use of the vulnerable guard objects, namely MappedMutexGuard, MappedRwLockReadGuard, MappedRwLockWriteGuard, RwLockReadGuard, and RwLockWriteGuard, to minimize the risk of exploitation.
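
A toy model of the defect class the description refers to, added here as an illustration; it is not lock_api's source and not code from this advisory. The guard types, `Probe` and the function names are hypothetical, and the example assumes the unsoundness takes the form of a hand-written `unsafe impl Sync` that lacks a bound on the protected type; the probe is a compile-time check you can point at your own guard types.

```rust
use std::cell::Cell;
use std::marker::PhantomData;

// Toy guards (constructed for this example). Each holds a raw pointer to the
// protected data, so the compiler derives neither Send nor Sync and the
// author has to write the impl by hand.
#[allow(dead_code)]
pub struct UnsoundGuard<'a, T: ?Sized> {
    data: *const T,
    _lock: PhantomData<&'a ()>,
}
// Defect class: no bound on T, so a guard over Cell<_> counts as shareable.
unsafe impl<'a, T: ?Sized> Sync for UnsoundGuard<'a, T> {}

#[allow(dead_code)]
pub struct SoundGuard<'a, T: ?Sized> {
    data: *const T,
    _lock: PhantomData<&'a ()>,
}
// Corrected form: the guard is Sync only when the data it exposes is Sync.
unsafe impl<'a, T: ?Sized + Sync> Sync for SoundGuard<'a, T> {}

// Compile-time probe: the inherent constant is selected when `T: Sync` holds,
// otherwise resolution falls back to the trait's default constant.
#[allow(dead_code)]
pub struct Probe<T: ?Sized>(PhantomData<T>);
pub trait NotSync {
    const IS_SYNC: bool = false;
}
impl<T: ?Sized> NotSync for Probe<T> {}
impl<T: ?Sized + Sync> Probe<T> {
    pub const IS_SYNC: bool = true;
}

// Cell<u32> is not Sync, so no guard that hands out &Cell<u32> should be Sync.
pub fn unsound_guard_shares_cell() -> bool {
    <Probe<UnsoundGuard<'static, Cell<u32>>>>::IS_SYNC
}
pub fn sound_guard_shares_cell() -> bool {
    <Probe<SoundGuard<'static, Cell<u32>>>>::IS_SYNC
}
pub fn sound_guard_shares_u32() -> bool {
    <Probe<SoundGuard<'static, u32>>>::IS_SYNC
}

fn main() {
    println!("unsound guard over Cell is Sync: {}", unsound_guard_shares_cell());
    println!("sound guard over Cell is Sync:   {}", sound_guard_shares_cell());
    println!("sound guard over u32 is Sync:    {}", sound_guard_shares_u32());
}
```

The probe only works on concrete types, so instantiate it with a non-Sync payload such as `Cell<u32>` for each guard type you want to audit.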

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2020-35912
GHSA-5WG8-7C9Q-794V
GHSA-GMV4-VMX3-X9F3
GHSA-HJ9H-WRGG-HGMX
GHSA-PPJ3-7JW3-8VC4
GHSA-VH4P-6J7G-F4J9
RUSTSEC-2020-0070

Affected Products

Debian
Lock Api