Intel

AIKIDO-2026-717871

mio is vulnerable to Use After Free

Use After Free Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Yesterday

58

Medium Risk

This Affects:

RUSTmio
0.7.2 - 1.2.0
Fixed in 1.2.1
Are you affected? Scan for Free

TL;DR

On Windows, NamedPipe::connect issues an asynchronous ConnectNamedPipe overlapped operation and only afterwards clones and leaks an Arc reference to the pipe's internal Inner state so the IOCP completion handler can keep it alive. Because the completion can run as soon as the operation is issued, the extra reference may be taken too late and the internal reference count momentarily drops to zero, dropping and freeing Inner while NamedPipe still uses it. This causes a use-after-free and a second drop (double free) when the NamedPipe is later dropped, corrupting memory. The fix clones the Arc before calling the overlapped connect and only forgets that clone when the operation is still pending.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and use mio named pipes on Windows.

Background info

mio is vulnerable to Use After Free in versions 0.7.2 - 1.2.0.

How to fix this

Upgrade the mio library to the patch version.