1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1070382: llvm-toolchain-16: CVE-2024-31852

    From Moritz =?UTF-8?Q?M=C3=BChlenhoff?=@21:1/5 to All on Sat May 4 18:10:02 2024
    Source: llvm-toolchain-16
    X-Debbugs-CC: team@security.debian.org
    Severity: important
    Tags: security

    Hi,

    The following vulnerability was published for llvm-toolchain-16.

    CVE-2024-31852[0]:
    | LLVM before 18.1.3 generates code in which the LR register can be
    | overwritten without data being saved to the stack, and thus there
    | can sometimes be an exploitable error in the flow of control. This
    | affects the ARM backend and can be demonstrated with Clang. NOTE:
    | the vendor perspective is "we don't have strong objections for a CVE
    | to be created ... It does seem that the likelihood of this
    | miscompile enabling an exploit remains very low, because the
    | miscompile resulting in this JOP gadget is such that the function is
    | most likely to crash on most valid inputs to the function. So, if
    | this function is covered by any testing, the miscompile is most
    | likely to be discovered before the binary is shipped to production."

    https://github.com/llvm/llvm-project/issues/80287 https://bugs.chromium.org/p/llvm/issues/detail?id=69 https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2024-31852
    https://www.cve.org/CVERecord?id=CVE-2024-31852

    Please adjust the affected versions in the BTS as needed.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)