PT-2021-21999 · Tokio · Tokio

Published: 2021-07-07 · Updated: 2022-11-03 · CVE-2021-38191

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: tokio crate versions prior to 1.8.1
Description: An issue was discovered in the tokio crate where, upon a call to JoinHandle::abort, a Task may be dropped in the wrong thread. When a task is aborted with JoinHandle::abort and is not currently being executed, its future is dropped in the thread calling abort, which is incorrect for tasks spawned on a LocalSet. This can result in race conditions, particularly since many projects use Rc or RefCell in their Tokio tasks for better performance.
Recommendations: For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of JoinHandle::abort for tasks spawned on a LocalSet until a patch is available. Restrict access to tasks that utilize Rc or RefCell to minimize the risk of exploitation.
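To check a project against the affected range above, the following added example (not code from Tokio or from this advisory) scans Cargo.lock text and reports every locked tokio version prior to 1.8.1. It applies only the single threshold stated on this page; the function names and the sample lock file are constructed for illustration.

```rust
// Added example: report tokio entries in a Cargo.lock that fall in the
// range this advisory lists as affected (prior to 1.8.1).
const FIXED: (u64, u64, u64) = (1, 8, 1); // first fixed version per the advisory

/// Some(true) if `version` sorts before 1.8.1, None if it is not MAJOR.MINOR.PATCH.
fn is_affected(version: &str) -> Option<bool> {
    let no_build = version.split('+').next()?; // build metadata never affects ordering
    let (core, pre) = match no_build.split_once('-') {
        Some((c, _)) => (c, true), // a pre-release sorts before its release
        None => (no_build, false),
    };
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let v = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() {
        return None;
    }
    Some(v < FIXED || (v == FIXED && pre))
}

/// Returns the value of a `key = "value"` line, or None for any other line.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Walks the [[package]] tables and collects affected tokio versions.
fn affected_tokio_versions(lock: &str) -> Vec<String> {
    let (mut hits, mut name) = (Vec::new(), None);
    for line in lock.lines() {
        if line.trim_start().starts_with('[') {
            name = None; // new table: forget the previous package
        } else if let Some(n) = quoted_value(line, "name") {
            name = Some(n);
        } else if let Some(v) = quoted_value(line, "version") {
            // Versions that cannot be parsed are reported too (fail closed).
            if name == Some("tokio") && is_affected(v).unwrap_or(true) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

// Constructed sample lock file, not taken from any real project.
const SAMPLE_LOCK: &str = "version = 3\n\n[[package]]\nname = \"tokio\"\nversion = \"1.8.0\"\n\n[[package]]\nname = \"tokio-util\"\nversion = \"0.6.7\"\ndependencies = [\n \"tokio 1.8.0\",\n]\n";

fn main() {
    println!("affected tokio versions: {:?}", affected_tokio_versions(SAMPLE_LOCK));
}
```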

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2021-38191
GHSA-2GRH-HM3W-W7HV
OPENSUSE-SU-2024:11751-1
RUSTSEC-2021-0072

Affected Products

Tokio