CVE-2021-45687

Name of the Vulnerable Software and Affected Versions: raw-cpuid crate versions prior to 9.1.1

Description: The issue arises when the non-default serialize feature is activated, allowing most structs to implement serde::Deserialize without sufficient validation. This can lead to breaking invariants in safe code, resulting in undefined behavior in as string() methods, which use std::str::from utf8 unchecked() internally, and panics due to failed assertions.

Recommendations: For versions prior to 9.1.1, update to version 9.1.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the serialize feature until a patch is available. Restrict access to the serde::Deserialize implementation to minimize the risk of exploitation. Avoid using the as string() methods in the affected structs until the issue is resolved.