PT-2020-17546 · Rust+1 · Lock Api+1
Published 2020-11-08 · Updated 2021-08-25
CVE-2020-35914
CVSS v3.1: 4.7 Medium
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
lock api versions prior to 0.4.2
Description
An issue in the lock api crate for Rust can cause a data race due to unsoundness in certain guard objects, including RwLockWriteGuard, MappedRwLockWriteGuard, MappedMutexGuard, RwLockReadGuard, and MappedRwLockReadGuard. These guards can allow data races through types that are not safe to send across thread boundaries in safe Rust code. The issue was fixed by changing the trait bounds on the Mapped guard types and removing the Sync trait for the RwLock guards.
Recommendations
For versions prior to 0.4.2, update to version 0.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable guard objects, such as RwLockWriteGuard, MappedRwLockWriteGuard, MappedMutexGuard, RwLockReadGuard, and MappedRwLockReadGuard, to minimize the risk of exploitation.
Fix
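A check for the update recommendation above, as an added example that is not part of the advisory or of the lock api project: it scans Cargo.lock text for every locked `lock_api` version below 0.4.2, including the case where a dependency tree pins more than one version. The package name `lock_api`, the helper names and the sample lockfile are assumptions constructed for illustration.

```rust
const CRATE: &str = "lock_api"; // assumed package name in Cargo.lock
const FIXED: (u64, u64, u64) = (0, 4, 2); // first fixed version per the advisory

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "lock_api"
version = "0.3.4"

[[package]]
name = "lock_api"
version = "0.4.2"

[[package]]
name = "scopeguard"
version = "0.1.0"
"#;

// Parse "major.minor.patch"; a pre-release or build suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

// Return the string value of `key = "value"`, or None for any other line.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

// Every locked lock_api version below FIXED; unparseable versions fail closed.
pub fn vulnerable_versions(lockfile: &str) -> Vec<String> {
    let (mut hits, mut name) = (Vec::new(), "");
    for line in lockfile.lines() {
        if line.trim().starts_with('[') {
            name = ""; // new table header: forget the previous package
        } else if let Some(n) = quoted_value(line, "name") {
            name = n;
        } else if let Some(v) = quoted_value(line, "version") {
            if name == CRATE && parse_version(v).map_or(true, |p| p < FIXED) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

fn main() { println!("below 0.4.2: {:?}", vulnerable_versions(SAMPLE_LOCK)); }
```

An empty result means no locked copy of the crate predates the fixed version; any listed version still needs the update.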
Race Condition
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Lock Api