Bug#1070380: llvm-toolchain-18: CVE-2024-31852

Moritz Mühlenhoff jmm at inutil.org
Sat May 4 17:07:27 BST 2024


Source: llvm-toolchain-18
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for llvm-toolchain-18.

CVE-2024-31852[0]:
| LLVM before 18.1.3 generates code in which the LR register can be
| overwritten without data being saved to the stack, and thus there
| can sometimes be an exploitable error in the flow of control. This
| affects the ARM backend and can be demonstrated with Clang. NOTE:
| the vendor perspective is "we don't have strong objections for a CVE
| to be created ... It does seem that the likelihood of this
| miscompile enabling an exploit remains very low, because the
| miscompile resulting in this JOP gadget is such that the function is
| most likely to crash on most valid inputs to the function. So, if
| this function is covered by any testing, the miscompile is most
| likely to be discovered before the binary is shipped to production."

https://github.com/llvm/llvm-project/issues/80287
https://bugs.chromium.org/p/llvm/issues/detail?id=69
https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31852
    https://www.cve.org/CVERecord?id=CVE-2024-31852

Please adjust the affected versions in the BTS as needed.



More information about the Pkg-llvm-team mailing list