PT-2022-23175 · Unknown · Linked List Allocator

Evan Richter · Published 2022-09-07 · Updated 2024-06-15 · CVE-2022-36086

CVSS v3.1: 8.4 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

linked_list_allocator versions prior to 0.10.2

Description

The heap initialization methods in linked_list_allocator were missing a minimum size check for the given heap size argument, which could lead to out-of-bounds writes when a heap was initialized with a size smaller than 3 * size_of::<usize>(). This issue affects all initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new, as well as multiple uses of the Heap::extend method.

Recommendations

To resolve the issue, upgrade to version 0.10.2 or later. As a temporary workaround, ensure that the heap is only initialized with a size larger than 3 * size_of::<usize>() and that the Heap::extend method is only called with sizes larger than 2 * size_of::<usize>(). Also, ensure that the total heap size is (and stays) a multiple of 2 * size_of::<usize>().
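
The workaround conditions above can be enforced in one place before any size reaches the allocator. The following is an added example, not code from the advisory or from the linked_list_allocator crate; HeapSizeGuard, SizeError and usable_init_size are hypothetical names, and the code only vets sizes without calling the crate.

```rust
use std::mem::size_of;

const WORD: usize = size_of::<usize>();

// Hypothetical names throughout; this guard only checks the workaround's conditions.
#[derive(Debug, PartialEq)]
pub enum SizeError { InitTooSmall, ExtendTooSmall, Misaligned, Overflow }

/// Tracks the total size handed to the allocator so every growth can be vetted.
#[derive(Debug)]
pub struct HeapSizeGuard { total: usize }

impl HeapSizeGuard {
    /// Vet a size before Heap::new, Heap::init, Heap::init_from_slice or LockedHeap::new.
    pub fn for_init(size: usize) -> Result<Self, SizeError> {
        if size <= 3 * WORD { return Err(SizeError::InitTooSmall); }
        if size % (2 * WORD) != 0 { return Err(SizeError::Misaligned); }
        Ok(Self { total: size })
    }

    /// Vet a growth before Heap::extend; the total is updated only when accepted.
    pub fn for_extend(&mut self, by: usize) -> Result<usize, SizeError> {
        if by <= 2 * WORD { return Err(SizeError::ExtendTooSmall); }
        let total = self.total.checked_add(by).ok_or(SizeError::Overflow)?;
        if total % (2 * WORD) != 0 { return Err(SizeError::Misaligned); }
        self.total = total;
        Ok(by)
    }

    pub fn total(&self) -> usize { self.total }
}

/// Largest size not exceeding `available` that passes the init checks, if any.
pub fn usable_init_size(available: usize) -> Option<usize> {
    let size = available - available % (2 * WORD);
    HeapSizeGuard::for_init(size).ok().map(|g| g.total())
}

fn main() {
    // Constructed sample sizes, expressed in machine words.
    println!("init with 2 words: {:?}", HeapSizeGuard::for_init(2 * WORD).err());
    let mut guard = HeapSizeGuard::for_init(64 * WORD).unwrap();
    println!("extend by 1 word:  {:?}", guard.for_extend(WORD));
    println!("extend by 4 words: {:?}", guard.for_extend(4 * WORD));
    println!("usable from 5 words + 1 byte: {:?}", usable_init_size(5 * WORD + 1));
}
```
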

Exploit

Fix

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2022-36086
GHSA-XG8P-34W2-J49J
OPENSUSE-SU-2024:12469-1
RUSTSEC-2022-0063

Affected Products

Linked List Allocator