Ubuntu: (CVE-2022-23639): firefox vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Feb 15, 2022 | Nov 19, 2024 | Oct 30, 2025 |
Description
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data races. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.
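The alignment mismatch described above, as an added Rust example (not code from crossbeam-utils or from this advisory): it compares a size-only compatibility check with one that also requires sufficient alignment. The `Layout` struct, the function names, the `I686_*` constants (modelling a 32-bit x86 target where `u64` is 4-byte aligned) and the sample address are all assumptions made for illustration.

```rust
use std::mem::{align_of, size_of};
use std::sync::atomic::AtomicU64;

/// Size and alignment of a type, in bytes.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Layout {
    pub size: usize,
    pub align: usize,
}

pub fn layout_of<T>() -> Layout {
    Layout { size: size_of::<T>(), align: align_of::<T>() }
}

/// Models the flawed assumption: equal size is taken to imply equal alignment.
pub fn size_only_check(value: Layout, atomic: Layout) -> bool {
    value.size == atomic.size
}

/// Also requires the value's alignment to satisfy the atomic type's alignment.
pub fn size_and_align_check(value: Layout, atomic: Layout) -> bool {
    value.size == atomic.size && value.align >= atomic.align
}

/// True when `addr` is a valid address for a type with alignment `align`.
pub fn is_aligned(addr: usize, align: usize) -> bool {
    addr % align == 0
}

// Constructed layouts modelling a 32-bit x86 target, where u64 is 4-byte aligned
// but AtomicU64 is 8-byte aligned.
pub const I686_U64: Layout = Layout { size: 8, align: 4 };
pub const I686_ATOMIC_U64: Layout = Layout { size: 8, align: 8 };

fn main() {
    let (v, a) = (layout_of::<u64>(), layout_of::<AtomicU64>());
    println!("host:  u64 {:?}, AtomicU64 {:?}, safe = {}", v, a, size_and_align_check(v, a));
    println!("i686:  size-only = {}, size+align = {}",
        size_only_check(I686_U64, I686_ATOMIC_U64),
        size_and_align_check(I686_U64, I686_ATOMIC_U64));
    // Constructed address: valid for a 4-byte-aligned u64, invalid for an 8-byte-aligned atomic.
    let addr = 0x1004usize;
    println!("0x{:x}: ok for u64 = {}, ok for AtomicU64 = {}",
        addr, is_aligned(addr, I686_U64.align), is_aligned(addr, I686_ATOMIC_U64.align));
}
```

On a 64-bit host both host layouts report 8-byte alignment, which matches the advisory's statement that 64-bit targets are not affected.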
Solutions
References
- CVE-2022-23639
- https://attackerkb.com/topics/CVE-2022-23639
- CWE-362
- https://github.com/crossbeam-rs/crossbeam/pull/781
- https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
- https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
- https://www.cve.org/CVERecord?id=CVE-2022-23639