prepare first part of raw-cpuid advisory, add solutions

rustsec · Jan 24, 2021 · 593a1ba · 593a1ba
1 parent bf41ad8
commit 593a1ba
Showing 1 changed file with 15 additions and 25 deletions.
diff --git a/crates/raw-cpuid/RUSTSEC-0000-0000.md b/crates/raw-cpuid/RUSTSEC-0000-0000.md
@@ -7,13 +7,13 @@ url = "https://github.com/RustSec/advisory-db/pull/614"
 categories = ["crash", "memory-corruption"]
 
 [versions]
-patched = [">= TODO"]
+patched = [">= 9.0.0"]
 
 [affected]
 arch = ["x86", "x86_64"]
 ```
 
-# Multiple soundness issues in `raw-cpuid`
+# Soundness issues in `raw-cpuid`
 
 ## Undefined behavior in `as_string()` methods
 
@@ -24,36 +24,26 @@ using `std::slice::from_raw_parts()`, with data coming from
 
 See https://github.com/gz/rust-cpuid/issues/40.
 
-TODO: The flaw has been corrected by making the relevant structs `#[repr(C)]`.
+This flaw has been fixed in v9.0.0, by making the relevant structs
+`#[repr(C)]`.
 
-## Combination of `Deserialize` and `as_string()` is unsound
-
-The `as_string()` methods then proceed to use
-`std::str::from_utf8_unchecked()`, which is usually valid, because real vendor
-names etc. are specified to be ASCII. However, if the `serialize` feature is
-enabled, it is also possible to construct the structs with arbitrary values
-using their `serde::Deserialize` implementation, thus causing undefined
-behavior in safe code.
-
-See https://github.com/gz/rust-cpuid/issues/43.
-
-## `native_cpuid::cpuid_count()` is technically unsound
+## `native_cpuid::cpuid_count()` is unsound
 
 `native_cpuid::cpuid_count()` exposes the unsafe `__cpuid_count()` intrinsic
-from `core::arch::x86` or `core::arch::x86_64` as a safe function, without
-checking the
-[safety requirement](https://doc.rust-lang.org/core/arch/index.html#overview)
+from `core::arch::x86` or `core::arch::x86_64` as a safe function, and uses
+it internally, without checking the
+[safety requirement](https://doc.rust-lang.org/core/arch/index.html#overview):
 
 > The CPU the program is currently running on supports the function being
 > called.
 
-which is true for most, but not all, x86/x86_64 CPUs. The crate compiles only
-on these architectures, so others are unaffected.
+CPUID is available in most, but not all, x86/x86_64 environments. The crate
+compiles only on these architectures, so others are unaffected.
 
-The function is exposed transitively by the `cpuid!()` macro and used by most
-of the crate.
-
-This flaw is mitigated by the fact that affected programs are expected to crash
-deterministically every time.
+This issue is mitigated by the fact that affected programs are expected
+to crash deterministically every time.
 
 See https://github.com/gz/rust-cpuid/issues/41.
+
+The flaw has been fixed in v9.0.0, by intentionally breaking compilation
+when targetting SGX or 32-bit x86 without SSE. This covers all affected CPUs.