CVE-2022-21658: Race condition in std::fs::remove_dir_all in rustlang
First published: Thu Jan 20 2022(Updated: )
LLVM. A race condition was addressed with additional validation.
Credit: Florian Weimer @fweimer Florian Weimer @fweimer Florian Weimer @fweimer Florian Weimer @fweimer security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rust-lang Rust | >=1.0.0<=1.58.0 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Apple iPadOS | <15.4 | |
| Apple iPhone OS | <15.4 | |
| Apple macOS | >=12.0.0<12.3 | |
| Apple tvOS | <15.4 | |
| Apple watchOS | <8.5 | |
| Apple macOS Monterey | <12.3 | 12.3 |
| Apple watchOS | <8.5 | 8.5 |
| Apple tvOS | <15.4 | 15.4 |
| Apple iOS | <15.4 | 15.4 |
| Apple iPadOS | <15.4 | 15.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213183 (Advisory)
- https://support.apple.com/en-us/HT213193 (Advisory)
- https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
- https://github.com/rust-lang/rust/pull/93110
- https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946
- https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf
- https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714
- https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/
- https://security.gentoo.org/glsa/202210-09
- https://support.apple.com/kb/HT213182
- https://support.apple.com/kb/HT213183
- https://support.apple.com/kb/HT213186
- https://support.apple.com/kb/HT213193
- https://support.apple.com/en-us/HT213186 (Advisory)
- https://support.apple.com/en-us/HT213182 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2022-22633
- CVE-2022-22669
- CVE-2022-22665
- CVE-2022-22630
- CVE-2022-22631
- CVE-2022-22625
- CVE-2022-22648
- CVE-2022-22626
- CVE-2022-22627
- CVE-2022-22597
- CVE-2022-22616
- CVE-2022-22663
- CVE-2022-26691
- CVE-2021-22946
- CVE-2021-22947
- CVE-2021-22945
- CVE-2022-22643
- CVE-2022-22657
- CVE-2022-22664
- CVE-2021-30977
- CVE-2022-22611
- CVE-2022-22612
- CVE-2022-46706
- CVE-2022-22661
- CVE-2022-22641
- CVE-2022-22613
- CVE-2022-22614
- CVE-2022-22615
- CVE-2022-22632
- CVE-2022-22638
- CVE-2022-22640
- CVE-2021-30946
- CVE-2021-36976
- CVE-2022-21658
- CVE-2022-22647
- CVE-2022-22656
- CVE-2022-22672
- CVE-2022-22644
- CVE-2022-26690
- CVE-2022-26688
- CVE-2022-22617
- CVE-2022-22609
- CVE-2022-22650
- CVE-2022-22655
- CVE-2022-22600
- CVE-2022-22599
- CVE-2022-22651
- CVE-2022-22639
- CVE-2022-22660
- CVE-2022-22621
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-0156
- CVE-2022-0158
- CVE-2021-30918
- CVE-2022-22662
- CVE-2022-22610
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22637
- CVE-2022-22668
- CVE-2022-22582
- CVE-2022-22666
- CVE-2022-22596
- CVE-2022-22670
- CVE-2022-22618
- CVE-2022-22654
- CVE-2022-22634
- CVE-2022-22635
- CVE-2022-22636
- CVE-2022-22652
- CVE-2022-22598
- CVE-2022-22642
- CVE-2022-22667
- CVE-2022-22653
- CVE-2022-22622
- CVE-2022-22659
- CVE-2022-22671
Frequently Asked Questions
What is CVE-2022-21658?
CVE-2022-21658 is a vulnerability in LLVM that was addressed with additional validation.
Which software versions are affected by CVE-2022-21658?
CVE-2022-21658 affects macOS Monterey 12.3, watchOS up to 8.5, iOS up to 15.4, iPadOS up to 15.4, and tvOS up to 15.4.
How severe is CVE-2022-21658?
The severity of CVE-2022-21658 is not specified.
How can I fix CVE-2022-21658?
To fix CVE-2022-21658, update your software to the specified versions provided by Apple.
Where can I find more information about CVE-2022-21658?
More information about CVE-2022-21658 can be found on the following Apple support pages: [link1], [link2], [link3].
- collector/apple-support
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/event
- agent/tags
- agent/trending
- vendor/apple
- canonical/apple macos monterey
- canonical/apple watchos
- vendor/rust-lang
- canonical/rust-lang rust
- version/rust-lang rust/1.0.0
- version/rust-lang rust/1.58.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/12.0.0
- canonical/apple tvos
- canonical/apple ios