Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2022-31146
Published: Jul 21, 2022 - 12:00 a.m.

CVE-2022-31146

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 61.6%

Wasmtime is a standalone runtime for WebAssembly. There is a bug in
Wasmtime’s code generator, Cranelift, where functions using reference types
may be incorrectly missing metadata required for runtime garbage
collection. This means that if a GC happens at runtime then the GC pass
will mistakenly think these functions do not have live references to GC’d
values, reclaiming them and deallocating them. The function will then
subsequently continue to use the values assuming they had not been GC’d,
leading later to a use-after-free. This bug was introduced in the migration
to the regalloc2 register allocator that occurred in the Wasmtime 0.37.0
release on 2022-05-20. This bug has been patched and users should upgrade
to Wasmtime version 0.38.2. Mitigations for this issue can be achieved by
disabling the reference types proposal by passing false to
wasmtime::Config::wasm_reference_types or downgrading to Wasmtime 0.36.0
or prior.
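
To check whether a Rust project pins a Wasmtime release in the range described above, the following added example (not part of the advisory or of Wasmtime itself) scans Cargo.lock text for the wasmtime crate. The helper names and the sample lockfile are constructed for illustration, and the affected range 0.37.0 <= version < 0.38.2 is an assumption read from the advisory text.

```rust
// Added example: flag `wasmtime` entries in a Cargo.lock that fall in the advisory's
// range. Assumption: introduced in 0.37.0 and fixed in 0.38.2 means [0.37.0, 0.38.2).
/// Parse "MAJOR.MINOR.PATCH" into a tuple; any pre-release/build suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>());
    let t = (it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?);
    if it.next().is_some() { return None; }
    Some(t)
}

/// Some(true) if the version is in the affected range, None if it cannot be parsed.
fn is_affected(v: &str) -> Option<bool> {
    let ver = parse_version(v)?;
    Some(ver >= (0, 37, 0) && ver < (0, 38, 2))
}

/// Return the version of every `wasmtime` package in the lockfile that is affected.
fn affected_in_lockfile(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // a new package table starts; forget the previous name
        } else if let Some(n) = line.strip_prefix("name = ") {
            name = Some(n.trim_matches('"'));
        } else if let Some(v) = line.strip_prefix("version = ") {
            let v = v.trim_matches('"');
            if name == Some("wasmtime") && is_affected(v) == Some(true) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "anyhow"
version = "1.0.58"

[[package]]
name = "wasmtime"
version = "0.38.1"
"#;

fn main() {
    println!("affected wasmtime versions: {:?}", affected_in_lockfile(SAMPLE_LOCK));
}
```

A hit means the project should move to 0.38.2, or apply one of the mitigations the advisory lists until it can.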

Notes

Author: Note
tyhicks: mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur: starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap
rodrigo-zaiden: cranelift, the wasmtime code generator, is included in firefox, thunderbird and mozjs families.
