CVE-2020-35910
Description
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MappedMutexGuard in lock_api before 0.4.2 allows data races due to missing Send/Sync bounds, enabling unsound concurrent access.
The vulnerability is an unsoundness in the lock_api crate, part of the parking_lot project [1], which provides synchronization primitives for Rust. Prior to version 0.4.2, the MappedMutexGuard type incorrectly implemented the Send and Sync traits without proper bounds on the guarded data type T. This allowed a data race when the guard was sent across threads or shared between threads while the underlying data was not actually thread-safe [2].
Exploitation requires an attacker to create a scenario where a MappedMutexGuard is transferred between threads or shared concurrently, even though the inner type T is not Send or Sync. The unsoundness arises because the type's trait implementations did not enforce these safety invariants, enabling safe Rust code to trigger undefined behavior. The fix, introduced in commit 7de94f9, added the necessary Send and Sync bounds to the guard types [4].
The impact is a potential data race, which can lead to memory corruption, crashes, or other undefined behavior. Since lock_api is used for concurrency control, applications relying on it for thread safety could experience unpredictable behavior under concurrent access [2].
The issue was fixed in lock_api version 0.4.2. Users should update to the latest version. The RustSec advisory (RUSTSEC-2020-0070) provides details and references to the fix [2]. No known workarounds exist other than updating.
- GitHub - Amanieu/parking_lot: Compact and efficient synchronization primitives for Rust. Also provides an API for creating custom synchronization primitives.
- Some lock_api lock guard objects can cause data races › RustSec Advisory Database
- Merge pull request #262 from Amanieu/guard_sync · Amanieu/parking_lot@7de94f9
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lock_apicrates.io | < 0.4.2 | 0.4.2 |
Affected products
2- Rust/lock_apidescription
Patches
17de94f95f519Merge pull request #262 from Amanieu/guard_sync
3 files changed · +5 −7
lock_api/src/lib.rs+2 −0 modified@@ -99,6 +99,8 @@ pub struct GuardSend(()); /// Marker type which indicates that the Guard type for a lock is not `Send`. pub struct GuardNoSend(*mut ()); +unsafe impl Sync for GuardNoSend {} + mod mutex; pub use crate::mutex::*;
lock_api/src/mutex.rs+1 −1 modified@@ -601,7 +601,7 @@ unsafe impl<'a, R: RawMutex + Sync + 'a, T: ?Sized + Sync + 'a> Sync for MappedMutexGuard<'a, R, T> { } -unsafe impl<'a, R: RawMutex + 'a, T: ?Sized + 'a> Send for MappedMutexGuard<'a, R, T> where +unsafe impl<'a, R: RawMutex + 'a, T: ?Sized + Send + 'a> Send for MappedMutexGuard<'a, R, T> where R::GuardMarker: Send { }
lock_api/src/rwlock.rs+2 −6 modified@@ -875,8 +875,6 @@ pub struct RwLockReadGuard<'a, R: RawRwLock, T: ?Sized> { marker: PhantomData<(&'a T, R::GuardMarker)>, } -unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + Sync + 'a> Sync for RwLockReadGuard<'a, R, T> {} - impl<'a, R: RawRwLock + 'a, T: ?Sized + 'a> RwLockReadGuard<'a, R, T> { /// Returns a reference to the original reader-writer lock object. pub fn rwlock(s: &Self) -> &'a RwLock<R, T> { @@ -1051,8 +1049,6 @@ pub struct RwLockWriteGuard<'a, R: RawRwLock, T: ?Sized> { marker: PhantomData<(&'a mut T, R::GuardMarker)>, } -unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + Sync + 'a> Sync for RwLockWriteGuard<'a, R, T> {} - impl<'a, R: RawRwLock + 'a, T: ?Sized + 'a> RwLockWriteGuard<'a, R, T> { /// Returns a reference to the original reader-writer lock object. pub fn rwlock(s: &Self) -> &'a RwLock<R, T> { @@ -1514,7 +1510,7 @@ pub struct MappedRwLockReadGuard<'a, R: RawRwLock, T: ?Sized> { } unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + Sync + 'a> Sync for MappedRwLockReadGuard<'a, R, T> {} -unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + 'a> Send for MappedRwLockReadGuard<'a, R, T> where +unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + Sync + 'a> Send for MappedRwLockReadGuard<'a, R, T> where R::GuardMarker: Send { } @@ -1652,7 +1648,7 @@ unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + Sync + 'a> Sync for MappedRwLockWriteGuard<'a, R, T> { } -unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + 'a> Send for MappedRwLockWriteGuard<'a, R, T> where +unsafe impl<'a, R: RawRwLock + 'a, T: ?Sized + Send + 'a> Send for MappedRwLockWriteGuard<'a, R, T> where R::GuardMarker: Send { }
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-ppj3-7jw3-8vc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-35910ghsaADVISORY
- github.com/Amanieu/parking_lot/commit/7de94f95f519d8281cb48457964065b463d26736ghsaWEB
- github.com/Amanieu/parking_lot/pull/262ghsaWEB
- rustsec.org/advisories/RUSTSEC-2020-0070.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.