Intel

AIKIDO-2026-362364

crossbeam-epoch is vulnerable to Invalid Pointer Dereference

Invalid Pointer Dereference Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 2 days ago

15

Low Risk

This Affects:

RUSTcrossbeam-epoch
0.9.0 - 0.9.19
Fixed in 0.9.20
Are you affected? Scan for Free

TL;DR

The fmt::Pointer implementation (used by the {:p} formatter) for Atomic<T> and Shared<'_, T> dereferences the underlying raw pointer while formatting it. When the pointer is null (for example from Atomic::null or Shared::null) or otherwise invalid, formatting the value performs an invalid pointer dereference, which is undefined behavior and can crash the process. The 0.9.19 fix only guarded the plain null case and still dereferenced other invalid pointers. The fix stops dereferencing entirely and formats the raw address as a *const () value.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application formats an Atomic or Shared value with its Pointer ({:p}) formatter.

Background info

crossbeam-epoch is vulnerable to Invalid Pointer Dereference in versions 0.9.0 - 0.9.19.

How to fix this

Upgrade the crossbeam-epoch library to the patch version.