GHSA-gv7f-5qqh-vxfx: xous has unsound usages of `core::slice::from_raw_parts`
CVSS Score: N/A
Basic Information
CVE ID: -
GHSA ID: GHSA-gv7f-5qqh-vxfx
EPSS Score: -
CWE: -
Published: 12/30/2024
Updated: 12/30/2024
KEV Status: No
Technology: Rust
Technical Details
CVSS Vector: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| xous | rust | < 0.9.51 | 0.9.51 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two functions in `MemoryRange` that improperly used `core::slice::from_raw_parts`. Multiple authoritative sources (the GHSA, the RustSec advisory, and the project's own issue/PR) explicitly identify these functions. The functions allowed raw pointers to be cast to arbitrary types without validation, as demonstrated by the `bool` slice example that triggers undefined behavior (UB). The removal of `from_parts` and the addition of `unsafe` markers in the patch confirm that these were the vulnerable entry points.
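The pattern described above, shown beside a validated alternative. This is an added illustration, not code from xous or its patch: `RawRange`, `AnyBits`, `Aligned` and `demo` are hypothetical names, and the sample buffer is constructed.

```rust
use core::{marker::PhantomData, mem, slice};

/// Hypothetical raw-range wrapper for illustration (not the xous `MemoryRange`).
pub struct RawRange<'a> { ptr: *const u8, len: usize, _buf: PhantomData<&'a [u8]> }

/// Assumed marker trait: every bit pattern is a valid value of the type.
/// `bool` must never implement it (only 0 and 1 are valid).
pub unsafe trait AnyBits: Copy {}
unsafe impl AnyBits for u8 {}
unsafe impl AnyBits for u16 {}
unsafe impl AnyBits for u32 {}

impl<'a> RawRange<'a> {
    pub fn new(buf: &'a [u8]) -> Self {
        RawRange { ptr: buf.as_ptr(), len: buf.len(), _buf: PhantomData }
    }

    /// Unsound: a *safe* fn that lets the caller choose any `T`. Viewing a byte
    /// with value 2 as `bool`, or misaligned bytes as `u32`, is undefined behaviour.
    pub fn as_slice_unsound<T>(&self) -> &'a [T] {
        unsafe { slice::from_raw_parts(self.ptr as *const T, self.len / mem::size_of::<T>()) }
    }

    /// Hardened: `T` is bounded, and size and alignment are validated first.
    pub fn as_slice_checked<T: AnyBits>(&self) -> Option<&'a [T]> {
        let size = mem::size_of::<T>();
        if size == 0 || self.len % size != 0 { return None; }
        if (self.ptr as usize) % mem::align_of::<T>() != 0 { return None; }
        // SAFETY: ptr/len describe a live `&'a [u8]`, alignment and length were
        // checked above, and any bit pattern is a valid `T`.
        Some(unsafe { slice::from_raw_parts(self.ptr as *const T, self.len / size) })
    }
}

#[repr(align(4))]
struct Aligned([u8; 8]); // constructed sample buffer with known alignment

/// Element counts seen through the checked API for four views of the buffer.
pub fn demo() -> [Option<usize>; 4] {
    let a = Aligned([1, 0, 0, 0, 2, 0, 0, 0]);
    [
        RawRange::new(&a.0).as_slice_checked::<u32>().map(|s| s.len()),       // aligned
        RawRange::new(&a.0[1..5]).as_slice_checked::<u32>().map(|s| s.len()), // misaligned
        RawRange::new(&a.0[..6]).as_slice_checked::<u32>().map(|s| s.len()),  // 6 % 4 != 0
        RawRange::new(&a.0[..6]).as_slice_checked::<u16>().map(|s| s.len()),  // 3 x u16
    ]
}

fn main() { println!("{:?}", demo()); }
```

With the trait bound in place, `as_slice_checked::<bool>()` is rejected at compile time, so the invalid-value case cannot be reached from safe code.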