CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
29.0%
Wasmtime is a standalone runtime for WebAssembly. There is a bug in
Wasmtime’s code generator, Cranelift, for AArch64 targets where constant
divisors can result in incorrect division results at runtime. This affects
Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue
only affects the AArch64 platform. Other platforms are not affected. The
translation rules for constants did not take into account whether sign or
zero-extension should happen which resulted in an incorrect value being
placed into a register when a division was encountered. The impact of this
bug is that programs executing within the WebAssembly sandbox would not
behave according to the WebAssembly specification. This means that it is
hypothetically possible for execution within the sandbox to go awry and
WebAssembly programs could produce unexpected results. This should not
impact hosts executing WebAssembly but does affect the correctness of guest
programs. This bug has been patched in Wasmtime version 0.38.2 and
cranelift-codegen 0.85.2. There are no known workarounds.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
rodrigo-zaiden | cranelift, the wasmtime code generator is included in firefox, thunderbird and mozjs families. |
github.com/bytecodealliance/wasmtime/commit/2ba4bce5cc719e5a74e571a534424614e62ecc41
github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7f6x-jwh5-m9r4
launchpad.net/bugs/cve/CVE-2022-31169
nvd.nist.gov/vuln/detail/CVE-2022-31169
security-tracker.debian.org/tracker/CVE-2022-31169
www.cve.org/CVERecord?id=CVE-2022-31169