RUSTSEC-2023-0014

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Reported
Issued
Package
cortex-m-rt (crates.io)
Type
INFO Unsound
Aliases
References
Patched
  • >=0.7.3
Unaffected
  • <=0.7.0

Description

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main (or any other specified entrypoint), violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2 of the cortex-m-rt crate.

This regression can cause certain compiler optimizations (which assume the eight-byte alignment) to produce incorrect behavior at runtime. This incorrect behavior has been observed in real-world applications.

It is advised that ALL users of v0.7.1 and v0.7.2 of the cortex-m-rt crate update to the latest version (v0.7.3), AS SOON AS POSSIBLE. Users of v0.7.0 and prior versions of cortex-m-rt are not affected by this regression.

It will be necessary to rebuild all affected firmware binaries, and flash or deploy the new firmware binaries to affected devices.
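To decide which firmware projects need that rebuild, the affected range above can be checked against each project's `Cargo.lock`. The following is an added example, not code from the advisory or from the cortex-m-rt project; the sample lockfile is constructed, and the function names are hypothetical.

```rust
// Added example: flag Cargo.lock entries for cortex-m-rt 0.7.1 / 0.7.2 (RUSTSEC-2023-0014).

/// Constructed sample lockfile text, not taken from a real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "cortex-m"
version = "0.7.2"
[[package]]
name = "cortex-m-rt"
version = "0.7.2"
"#;

/// Parse "MAJOR.MINOR.PATCH"; a pre-release or build suffix is ignored (simplification).
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// True for 0.7.1 <= version < 0.7.3 (<=0.7.0 is unaffected, >=0.7.3 is patched).
fn is_affected(version: &str) -> bool {
    matches!(parse_version(version), Some(v) if v >= (0, 7, 1) && v < (0, 7, 3))
}

/// Return the affected cortex-m-rt versions recorded in Cargo.lock text.
fn affected_entries(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let (mut name, mut version): (Option<&str>, Option<&str>) = (None, None);
    // The trailing sentinel header flushes the last [[package]] table.
    for line in lockfile.lines().chain(std::iter::once("[[package]]")) {
        let line = line.trim();
        if line.starts_with('[') {
            if let (Some("cortex-m-rt"), Some(v)) = (name, version) {
                if is_affected(v) { hits.push(v.to_string()); }
            }
            name = None; version = None;
        } else if let Some((key, value)) = line.split_once('=') {
            let value = value.trim().trim_matches('"');
            match key.trim() {
                "name" => name = Some(value),
                "version" => version = Some(value),
                _ => {}
            }
        }
    }
    hits
}

fn main() { println!("affected cortex-m-rt entries: {:?}", affected_entries(SAMPLE_LOCK)); }
```

A non-empty result means the firmware built from that lockfile has to be rebuilt against v0.7.3 and redeployed.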

Advisory available under CC0-1.0 license.