CVE-2025-55159

Publication date 11 August 2025

Last updated 13 August 2025

Ubuntu priority

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
rust-slab	25.04 plucky	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-55159
https://github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8
https://github.com/tokio-rs/slab/pull/152
https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv