Bugzilla – Bug 1222739
VUL-0: CVE-2024-31852: llvm: LR register can be overwritten without data being saved to the stack on ARM
Last modified: 2024-05-08 10:40:04 UTC
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production." References: https://llvm.org/docs/Security.html http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-31852 https://www.cve.org/CVERecord?id=CVE-2024-31852 https://bugs.chromium.org/p/llvm/issues/detail?id=69 https://github.com/llvm/llvm-project/issues/80287 https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2 https://bugzilla.redhat.com/show_bug.cgi?id=2273715
As shown in the references for this bug, the GitHub issue related to the vulnerability is issue 80287 [0]. The corresponding PR that fixes the issue is PR 82745 [1]. In this PR's description and even in the message for the merged commit that fixes the issue [2], it is possible to see a reference to PR 75527 [3]. The changes applied through this other PR [4] look like they to need to be applied in order to allow the vulnerability being considered in this bug to be completely patched. [0] https://github.com/llvm/llvm-project/issues/80287 [1] https://github.com/llvm/llvm-project/pull/82745 [2] https://github.com/llvm/llvm-project/commit/749384c08e042739342c88b521c8ba5dac1b9276 [3] https://github.com/llvm/llvm-project/pull/75527 [4] https://github.com/llvm/llvm-project/commit/b1a5ee1febd8a903cec3dfdad61d57900dc3823e
The initial description of the LLVM issue says Clang versions info: llvmorg-17-init - bug wasn't detected llvmorg-17.0.2 - bug detected llvmorg-17.0.6 - bug detected llvmorg-18-init - bug detected I see no indication that llvm versions as old as llvm7 should be affected. Only arm 32bit is affected, that's the only arch affected by the fix. I'll note that on SLES there's neither support for clang nor support for arm 32 code generation using it. No support for _any_ clang/llvm version. So SLES is unaffected. Without indication otherwise only llvm17 or llvm18 are affected. A fix will tickle into openSUSE:Factory for the releases upstream still maintains which is only llvm18. No further updates are planned, in particular none to the SLE codestreams.
(In reply to Richard Biener from comment #5) > Without indication otherwise only llvm17 or llvm18 are affected. A fix > will tickle into openSUSE:Factory for the releases upstream still maintains > which is only llvm18. No further updates are planned, in particular none > to the SLE codestreams. Thanks Richard (a lot!) for your evaluation. Based on that I am reassigning back to the security team.