CVE-2021-31162: 
Alibaba Cloud Linux (Aliyun Linux) vulnerability analysis and mitigation

CVE-2021-31162 is a vulnerability discovered in the Rust programming language's standard library affecting versions before 1.52.0. The vulnerability was disclosed on April 14, 2021, and involves a double free condition that can occur in the Vec::from_iter function specifically when freeing an element panics (CVE-MITRE, NVD).

The vulnerability is classified as a double free vulnerability (CWE-415) in the Vec::from_iter implementation. The issue occurs specifically in the specialization for Vec when freeing an element triggers a panic, leading to a potential double free of the same memory location. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability can result in a double free condition, which could lead to memory corruption and potential program crashes. Because Rust is statically linked, affected applications need to be rebuilt to benefit from the fixes. The actual security implications depend on how these APIs are used in each particular case (Fedora-Advisory).

The vulnerability was fixed in Rust version 1.52.0. Users are advised to upgrade to this version or later. For systems that cannot immediately upgrade, there is no known workaround. The fix was backported to various Linux distributions including Fedora 32, 33, and 34 through security updates (Fedora-Advisory).