Candidate: CVE-2021-38191
PublicDate: 2021-08-08 06:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38191
 https://rustsec.org/advisories/RUSTSEC-2021-0072.html
 https://github.com/tokio-rs/tokio/issues/3929
 https://github.com/tokio-rs/tokio/pull/3934
 https://github.com/tokio-rs/tokio/pull/3934/commits/84394949228d11d1f68925e26f36c435946b9d11
 https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0072.md
Description:
 An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a
 JoinHandle::abort, a Task may be dropped in the wrong thread.
Ubuntu-Description:
Notes:
 amurray| Only affects version >= 0.3.0 - in Ubuntu all releases currently
  have 0.1.14 so they are not affected.
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H [5.9 MEDIUM]


Patches_rust-tokio:
upstream_rust-tokio: not-affected (debian: Introduced in 0.3.0)
trusty_rust-tokio: ignored (out of standard support)
trusty/esm_rust-tokio: DNE
xenial_rust-tokio: ignored (out of standard support)
bionic_rust-tokio: DNE
focal_rust-tokio: not-affected (code not present)
hirsute_rust-tokio: not-affected (code not present)
impish_rust-tokio: not-affected (code not present)
jammy_rust-tokio: not-affected (code not present)
devel_rust-tokio: not-affected (code not present)