RUSTSEC-2024-0428

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2024-0428

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0428.json

JSON Data

https://api.test.osv.dev/v1/vulns/RUSTSEC-2024-0428

Aliases

GHSA-3qx8-rv27-j6gp

Published

2024-12-05T12:00:00Z

Modified

2025-10-28T06:29:49.999030Z

Summary

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

Details

An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules.

The function downcasted a mutable reference to its struct kvm_create_device argument to an immutable pointer, and then proceeded to pass this pointer to a mutating system call. Rustc 1.82.0 and newer elides subsequent reads of this structure's fields, meaning code will not see the value written by the kernel into the fd member. Instead, the code will observe the value that this field was initialized to prior to calling VmFd::create_device (usually, 0).

The issue started in kvm-ioctls 0.1.0 and was fixed in 0.19.1 by correctly using a mutable pointer.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / kvm-ioctls

Package

Name: kvm-ioctls; View open source insights on deps.dev
Purl: pkg:cargo/kvm-ioctls

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.19.1

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "arch": [],
        "functions": [
            "kvm_ioctls::ioctls::vm::VmFd::create_device"
        ],
        "os": [
            "linux"
        ]
    }
}

Database specific

informational

"unsound"

cvss

null