RUSTSEC-2022-0089: 
Rust vulnerability analysis and mitigation

The raw-cpuid crate before version 9.1.1 for Rust contains a vulnerability related to insufficient validation during deserialization operations when the serialize feature is enabled. This vulnerability was discovered and disclosed in December 2021, affecting the raw-cpuid project's implementation in Rust (NVD).

The vulnerability stems from improper input validation (CWE-20) in the deserialization process when the serialize feature is used. The CVSS v3.1 base score is 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a severe security issue. The vulnerability specifically manifests when the serialize feature is enabled, which is not the default configuration (NVD).

When exploited, this vulnerability can lead to memory corruption or cause the application to panic. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability when the vulnerability is successfully exploited (NVD).

The vulnerability has been patched in version 9.1.1 of the raw-cpuid crate. Users are advised to upgrade to this version or later to address the security issue. If immediate upgrading is not possible, users should avoid enabling the serialize feature as it is not enabled by default (NVD).