LLVM before 18.1.3 generates code in which the LR (link register, which
holds the return address on ARM) is overwritten without first being saved
to the stack, so an affected function can return to the wrong address; this
is a control-flow error that may in some cases be exploitable. The bug is
in the ARM backend and can be demonstrated with Clang. NOTE: the vendor
perspective is “we don’t have strong objections for a CVE to be created …
It does seem that the likelihood of this miscompile enabling an exploit
remains very low, because the miscompile resulting in this JOP gadget is
such that the function is most likely to crash on most valid inputs to the
function. So, if this function is covered by any testing, the miscompile is
most likely to be discovered before the binary is shipped to production.”
| Author | Note |
|---|---|
| | Priority reason: Upstream doesn't consider this to be an important issue |
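The description above boils down to a shape that is easy to spot in a disassembly: a function writes LR (explicitly, or implicitly via `bl`/`blx`) before any `push {..., lr}` or `str lr, [sp, ...]` has saved it, and later returns through LR. The following is an added example, not code from LLVM or from the issue's reproducer: a heuristic scan over `objdump -d` style ARM output that flags such functions. The sample listing (`saves_lr`, `leaf_ok`, `clobbers_lr`) is constructed for this example, with hand-assembled encodings, and mimics the shape only; it is not the actual miscompiled output.

```python
"""Heuristic scan of `objdump -d` output (ARM mode) for functions that
write LR before saving it to the stack.  Constructed example; not LLVM's
own test and not the reproducer from the upstream issue."""
import re

FUNC_RE = re.compile(r"^([0-9a-f]+) <([^>]+)>:\s*$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+[0-9a-f]+\s+(\S+)\s*(.*?)\s*$")

# Branch-with-link instructions write LR implicitly.
LINK_BRANCHES = {"bl", "blx"}
# Data-processing / load mnemonics whose first operand is the destination.
DEST_FIRST = {"mov", "movw", "movt", "mvn", "ldr", "add", "sub", "rsb",
              "and", "orr", "eor", "bic", "lsl", "lsr", "asr", "mul"}
# Instructions that store a register list to the stack (prologue forms).
STACK_SAVES = {"push", "stmdb", "stmfd"}


def parse_functions(disasm):
    """Split objdump output into {name: [(mnemonic, operands), ...]}."""
    funcs, current = {}, None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(2)
            funcs[current] = []
            continue
        m = INSN_RE.match(line)
        if m and current is not None:
            funcs[current].append((m.group(1), m.group(2)))
    return funcs


def reglist(operands):
    """Registers named inside a `{...}` list, e.g. push {r4, lr}."""
    m = re.search(r"\{([^}]*)\}", operands)
    return {r.strip() for r in m.group(1).split(",")} if m else set()


def first_operand(operands):
    return operands.split(",")[0].strip()


def saves_lr(mnemonic, operands):
    if mnemonic in STACK_SAVES:
        return "lr" in reglist(operands)
    # Explicit spill, e.g. `str lr, [sp, #-4]!`.
    return mnemonic == "str" and first_operand(operands) == "lr"


def writes_lr(mnemonic, operands):
    if mnemonic in LINK_BRANCHES:
        return True
    return mnemonic in DEST_FIRST and first_operand(operands) == "lr"


def find_unsaved_lr_writes(disasm):
    """Return {function: [(insn_index, mnemonic, operands), ...]} for every
    write to LR that happens before LR has been saved in that function."""
    findings = {}
    for name, insns in parse_functions(disasm).items():
        lr_saved = False
        for idx, (mnem, ops) in enumerate(insns):
            if saves_lr(mnem, ops):
                lr_saved = True
            elif not lr_saved and writes_lr(mnem, ops):
                findings.setdefault(name, []).append((idx, mnem, ops))
    return findings


# Constructed sample: two well-formed functions and one that loads LR from
# memory it was handed and then returns through it (the JOP-gadget shape).
SAMPLE = """
00010400 <saves_lr>:
   10400:	e92d4010 	push	{r4, lr}
   10404:	e1a04000 	mov	r4, r0
   10408:	ebfffffe 	bl	10000 <helper>
   1040c:	e0840000 	add	r0, r4, r0
   10410:	e8bd8010 	pop	{r4, pc}

00010414 <leaf_ok>:
   10414:	e0800001 	add	r0, r0, r1
   10418:	e12fff1e 	bx	lr

0001041c <clobbers_lr>:
   1041c:	e590e000 	ldr	lr, [r0]
   10420:	e08e0001 	add	r0, lr, r1
   10424:	e12fff1e 	bx	lr
"""

if __name__ == "__main__":
    for fn, hits in find_unsaved_lr_writes(SAMPLE).items():
        for idx, mnem, ops in hits:
            print(f"{fn}: insn {idx} writes LR before it is saved: {mnem} {ops}")
```

Only `clobbers_lr` is reported. The scan is deliberately narrow: it walks each function linearly, ignores conditional suffixes (`bleq`, `movne`) and Thumb-2 forms such as `push.w`, and does not reason about restores, so treat a hit as something to look at by hand, not as proof of a miscompile. Running it over a binary built with an affected toolchain is a cheap way to triage whether the shape described by the advisory is present, which is also the situation the vendor quote is pointing at: code of this shape tends to crash on ordinary inputs, so it usually surfaces in testing.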
github.com/llvm/llvm-project/issues/80287
github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
launchpad.net/bugs/cve/CVE-2024-31852
llvm.org/docs/Security.html
nvd.nist.gov/vuln/detail/CVE-2024-31852
security-tracker.debian.org/tracker/CVE-2024-31852
www.cve.org/CVERecord?id=CVE-2024-31852