{"id":"AZL-61381","summary":"CVE-2022-23639 affecting package rust for versions less than crossbeam_utils-0.8.7","details":"crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell\u003c{i,u}64\u003e` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.","modified":"2026-04-21T04:37:29.543758Z","published":"2022-02-15T19:15:08Z","upstream":["CVE-2022-23639"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23639"}],"affected":[{"package":{"name":"rust","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/rust"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.85.0"},{"fixed":"crossbeam_utils-0.8.7"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61381.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}