CVE-2024-31852

NameCVE-2024-31852
DescriptionLLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1070380, 1070381, 1070382, 1070383, 1070384

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
llvm-toolchain-14 (PTS)bookworm1:14.0.6-12vulnerable
sid1:14.0.6-20vulnerable
llvm-toolchain-15 (PTS)bookworm1:15.0.6-4vulnerable
trixie1:15.0.7-14vulnerable
sid1:15.0.7-15vulnerable
llvm-toolchain-16 (PTS)bullseye1:16.0.6-15~deb11u2vulnerable
bookworm1:16.0.6-15~deb12u1vulnerable
sid, trixie1:16.0.6-27vulnerable
llvm-toolchain-17 (PTS)sid, trixie1:17.0.6-12vulnerable
llvm-toolchain-18 (PTS)sid1:18.1.6-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
llvm-toolchain-14source(unstable)(unfixed)1070384
llvm-toolchain-15source(unstable)(unfixed)1070383
llvm-toolchain-16source(unstable)(unfixed)1070382
llvm-toolchain-17source(unstable)(unfixed)1070381
llvm-toolchain-18source(unstable)(unfixed)1070380

Notes

[bookworm] - llvm-toolchain-14 <no-dsa> (Minor issue)
[bookworm] - llvm-toolchain-15 <no-dsa> (Minor issue)
[bookworm] - llvm-toolchain-16 <no-dsa> (Minor issue)
[bullseye] - llvm-toolchain-16 <no-dsa> (Minor issue)
https://github.com/llvm/llvm-project/issues/80287
https://bugs.chromium.org/p/llvm/issues/detail?id=69
https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2

Search for package or bug name: Reporting problems