CVE-2024-31852 (GCVE-0-2024-31852)

Vulnerability from cvelistv5 – Published: 2024-04-05 00:00 – Updated: 2024-12-04 21:06
VLAI?
Summary
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production."
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-31852",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T18:46:21.677158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T21:06:04.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:59:50.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/llvm/llvm-project/issues/80287"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://llvm.org/docs/Security.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don\u0027t have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-05T14:36:24.043759",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/llvm/llvm-project/issues/80287"
        },
        {
          "url": "https://llvm.org/docs/Security.html"
        },
        {
          "url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69"
        },
        {
          "url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-31852",
    "datePublished": "2024-04-05T00:00:00",
    "dateReserved": "2024-04-05T00:00:00",
    "dateUpdated": "2024-12-04T21:06:04.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \\\"we don\u0027t have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\\\"\"}, {\"lang\": \"es\", \"value\": \"LLVM anterior a 18.1.3 genera c\\u00f3digo en el que el registro LR se puede sobrescribir sin que los datos se guarden en la pila y, por lo tanto, a veces puede haber un error explotable en el flujo de control. Esto afecta el backend de ARM y se puede demostrar con Clang. NOTA: la perspectiva del proveedor es \\\"no tenemos fuertes objeciones para que se cree un CVE... Parece que la probabilidad de que esta mala compilaci\\u00f3n permita un exploit sigue siendo muy baja, porque la mala compilaci\\u00f3n que resulta en este dispositivo JOP es tal que \\\"Es m\\u00e1s probable que la funci\\u00f3n falle en la mayor\\u00eda de las entradas v\\u00e1lidas de la funci\\u00f3n. Por lo tanto, si esta funci\\u00f3n est\\u00e1 cubierta por alguna prueba, lo m\\u00e1s probable es que se descubra la mala compilaci\\u00f3n antes de que el binario se env\\u00ede a producci\\u00f3n\\\".\"}]",
      "id": "CVE-2024-31852",
      "lastModified": "2024-12-04T21:15:23.467",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}]}",
      "published": "2024-04-05T15:15:08.270",
      "references": "[{\"url\": \"https://bugs.chromium.org/p/llvm/issues/detail?id=69\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/llvm/llvm-project/issues/80287\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://llvm.org/docs/Security.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.chromium.org/p/llvm/issues/detail?id=69\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/llvm/llvm-project/issues/80287\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://llvm.org/docs/Security.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-31852\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-04-05T15:15:08.270\",\"lastModified\":\"2024-12-04T21:15:23.467\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \\\"we don\u0027t have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\\\"\"},{\"lang\":\"es\",\"value\":\"LLVM anterior a 18.1.3 genera c\u00f3digo en el que el registro LR se puede sobrescribir sin que los datos se guarden en la pila y, por lo tanto, a veces puede haber un error explotable en el flujo de control. Esto afecta el backend de ARM y se puede demostrar con Clang. NOTA: la perspectiva del proveedor es \\\"no tenemos fuertes objeciones para que se cree un CVE... Parece que la probabilidad de que esta mala compilaci\u00f3n permita un exploit sigue siendo muy baja, porque la mala compilaci\u00f3n que resulta en este dispositivo JOP es tal que \\\"Es m\u00e1s probable que la funci\u00f3n falle en la mayor\u00eda de las entradas v\u00e1lidas de la funci\u00f3n. Por lo tanto, si esta funci\u00f3n est\u00e1 cubierta por alguna prueba, lo m\u00e1s probable es que se descubra la mala compilaci\u00f3n antes de que el binario se env\u00ede a producci\u00f3n\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"references\":[{\"url\":\"https://bugs.chromium.org/p/llvm/issues/detail?id=69\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/llvm/llvm-project/issues/80287\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://llvm.org/docs/Security.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.chromium.org/p/llvm/issues/detail?id=69\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/llvm/llvm-project/issues/80287\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://llvm.org/docs/Security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/llvm/llvm-project/issues/80287\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://llvm.org/docs/Security.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.chromium.org/p/llvm/issues/detail?id=69\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:59:50.200Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31852\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-31T18:46:21.677158Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-31T18:46:27.295Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/llvm/llvm-project/issues/80287\"}, {\"url\": \"https://llvm.org/docs/Security.html\"}, {\"url\": \"https://bugs.chromium.org/p/llvm/issues/detail?id=69\"}, {\"url\": \"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \\\"we don\u0027t have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-04-05T14:36:24.043759\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-31852\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-04T21:06:04.794Z\", \"dateReserved\": \"2024-04-05T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-04-05T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.