Added RwLock advisory for spin #2994

Open
zesterer wants to merge 1 commit into rustsec:main from zesterer:main

@zesterer

Contributor

Affected crate(s)

  • spin (96,170,945 recent downloads)

Links to upstream issue(s) or PR(s)

https://codeberg.org/zesterer/spin/issues/189

Severity

While the potential severity of the issue is high (undue guard drop logic being run causes guarded data to be exposed outside of a critical section), the practical severity is medium-low: the code path is incredibly seldom used, perhaps not by anybody, which explains why it took almost 6 years for the issue to be discovered.

Checklist

  • Advisory filename(s) starts with RUSTSEC-0000-0000 as the ID
  • date field is set to the public disclosure date
  • Contains a concise and descriptive title after advisory metadata
  • Asked maintainer(s) if publishing an advisory is appropriate

@zesterer

Contributor Author

It seems like the function name parser in CI is insufficient to parse the affected function name correctly.

@zesterer

Contributor Author

I changed the function name from `<spin::RwLock as lock_api::RawRwLockUpgrade>::try_upgrade` to `spin::RwLock::try_upgrade` in the interest of getting this merged.
