rustsec-2025-0162
Vulnerability from osv_rustsec
Published
2025-04-23 12:00
Modified
2026-05-20 13:32
Summary
`VMABuffer::set_data` may allow out-of-bounds writes from safe code
Details
VMABuffer::set_data was a publicly accessible safe function. It accepted an arbitrary offset and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation.
Affected versions did not check that the requested write range fit within the allocation before calling ptr.add(offset) and copy_from_nonoverlapping. Safe Rust code could therefore trigger an out-of-bounds write by passing an offset outside the mapped allocation.
This makes the safe API unsound, since callers can trigger undefined behavior without using unsafe.
Version 0.4.0 added a bounds check before performing the pointer arithmetic and copy.
References
{
"affected": [
{
"database_specific": {
"categories": [
"memory-corruption"
],
"cvss": null,
"informational": "unsound"
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [
"vku::VMABuffer::set_data"
],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "vku",
"purl": "pkg:cargo/vku"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "0.4.0"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [],
"database_specific": {
"license": "CC0-1.0"
},
"details": "`VMABuffer::set_data` was a publicly accessible safe function. It accepted an arbitrary `offset` and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation.\n\nAffected versions did not check that the requested write range fit within the allocation before calling `ptr.add(offset)` and `copy_from_nonoverlapping`. Safe Rust code could therefore trigger an out-of-bounds write by passing an offset outside the mapped allocation.\n\nThis makes the safe API unsound, since callers can trigger undefined behavior without using `unsafe`.\n\nVersion `0.4.0` added a bounds check before performing the pointer arithmetic and copy.",
"id": "RUSTSEC-2025-0162",
"modified": "2026-05-20T13:32:31Z",
"published": "2025-04-23T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/vku"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0162.html"
},
{
"type": "REPORT",
"url": "https://github.com/ArrowMaxGithub/vku/issues/5"
},
{
"type": "WEB",
"url": "https://github.com/ArrowMaxGithub/vku/commit/ce02c19ec35e5ee84c00ec5005be9d6d44599b5f"
}
],
"related": [],
"severity": [],
"summary": "`VMABuffer::set_data` may allow out-of-bounds writes from safe code"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…