PT-2020-17653 · Rust · Max7301

Published 2020-12-18 · Updated 2021-08-25 · CVE-2020-36472

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

max7301 crate versions prior to 0.2.0

Description

The issue arises because the ImmediateIO and TransactionalIO types implement Sync for all contained Expander<EI> types, regardless of whether the Expander itself is safe to use across threads. As a result, non-thread-safe types can be sent across threads as part of the Expander, resulting in data races.

Recommendations

For max7301 crate versions prior to 0.2.0, consider updating to version 0.2.0 or later to resolve the issue. As a temporary workaround, avoid using the ImmediateIO and TransactionalIO types across threads to minimize the risk of data races. Restrict access to the Expander types so that they are not sent across threads, which could otherwise lead to data corruption.
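The Sync issue described above, as an added example that is not code from the max7301 crate: an unbounded `unsafe impl Sync` beside a version bounded on `EI: Send`, with a compile-time probe showing which one accepts a non-thread-safe interface. `UnsoundIO`, `SoundIO`, `Probe`, `RcBus` and the `EI: Send` bound are hypothetical and assume nothing about the crate's actual 0.2.0 fix.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
use std::rc::Rc;
use std::sync::{Arc, Mutex};
use std::thread;

// Hypothetical stand-ins, not the max7301 source; `EI` is the bus interface.
pub struct Expander<EI> { pub iface: EI }

// Unsound shape: Sync is promised for every EI, thread-safe or not.
#[allow(dead_code)]
pub struct UnsoundIO<EI>(pub Mutex<Expander<EI>>);
unsafe impl<EI> Sync for UnsoundIO<EI> {}

// Bounded shape: Sync only when the interface may move between threads.
pub struct SoundIO<EI>(pub Mutex<Expander<EI>>);
unsafe impl<EI: Send> Sync for SoundIO<EI> {}

// Compile-time probe: the inherent const is chosen only when T: Sync holds.
trait NotSync { const SYNC: bool = false; }
impl<T: ?Sized> NotSync for T {}
#[allow(dead_code)]
struct Probe<T: ?Sized>(PhantomData<T>);
impl<T: ?Sized + Sync> Probe<T> { const SYNC: bool = true; }

type RcBus = Rc<Cell<u32>>; // constructed interface that is neither Send nor Sync

pub fn unsound_accepts_rc() -> bool { <Probe<UnsoundIO<RcBus>>>::SYNC }
pub fn sound_accepts_rc() -> bool { <Probe<SoundIO<RcBus>>>::SYNC }

// A Send interface is still shareable: four threads record 1000 writes each.
pub fn shared_writes() -> u32 {
    let io = Arc::new(SoundIO(Mutex::new(Expander { iface: 0u32 })));
    let workers: Vec<_> = (0..4).map(|_| {
        let io = Arc::clone(&io);
        thread::spawn(move || {
            for _ in 0..1000 { io.0.lock().unwrap().iface += 1; }
        })
    }).collect();
    for w in workers { w.join().unwrap(); }
    let total = io.0.lock().unwrap().iface;
    total
}

fn main() {
    println!("unbounded impl accepts Rc bus: {}", unsound_accepts_rc());
    println!("bounded impl accepts Rc bus:   {}", sound_accepts_rc());
    println!("writes through shared SoundIO: {}", shared_writes());
}
```

With the unbounded impl the compiler lets a reference to the wrapper cross threads even when the wrapped interface holds an `Rc`, whose reference count is not updated atomically.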

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2020-36472
GHSA-RMFF-F8W9-C9RM
RUSTSEC-2020-0152

Affected Products

Max7301