- Affected Architectures
Undefined behavior in
ExtendedFunctionInfo::processor_brand_string() construct byte slices
std::slice::from_raw_parts(), with data coming from
#[repr(Rust)] structs. This is always undefined behavior.
This flaw has been fixed in v9.0.0, by making the relevant structs
native_cpuid::cpuid_count() is unsound
native_cpuid::cpuid_count() exposes the unsafe
core::arch::x86_64 as a safe function, and uses
it internally, without checking the
The CPU the program is currently running on supports the function being
CPUID is available in most, but not all, x86/x86_64 environments. The crate
compiles only on these architectures, so others are unaffected.
This issue is mitigated by the fact that affected programs are expected
to crash deterministically every time.
The flaw has been fixed in v9.0.0, by intentionally breaking compilation
when targetting SGX or 32-bit x86 without SSE. This covers all affected CPUs.