CVE-2021-38191

MEDIUM5.9EPSS 0.34%

Task dropped in wrong thread when aborting `LocalSet` task

Published: 8/25/2021Modified: 11/8/2023

Also known as:GHSA-2grh-hm3w-w7hvRUSTSEC-2021-0072

Description

When aborting a task with `JoinHandle::abort`, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a `LocalSet`. This can easily result in race conditions as many projects use `Rc` or `RefCell` in their Tokio tasks for better performance. See [tokio#3929][issue] for more details. [issue]: https://github.com/tokio-rs/tokio/issues/3929

Affected packages (2)

crates.io/tokio>= 1.8.0, < 1.8.1
crates.io/tokio>= 0.3.0, < 1.5.1, >= 1.6.0, < 1.6.3, >= 1.7.0, < 1.7.2, >= 1.8.0, < 1.8.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-38191
PATCHhttps://crates.io/crates/tokio
PATCHhttps://github.com/tokio-rs/tokio
WEBhttps://github.com/tokio-rs/tokio/issues/3929
WEBhttps://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0072.md
WEBhttps://rustsec.org/advisories/RUSTSEC-2021-0072.html