{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-31852", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-12-04T21:06:04.794Z", "dateReserved": "2024-04-05T00:00:00", "datePublished": "2024-04-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-05T14:36:24.043759"}, "descriptions": [{"lang": "en", "value": "LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\""}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/llvm/llvm-project/issues/80287"}, {"url": "https://llvm.org/docs/Security.html"}, {"url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69"}, {"url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T18:46:21.677158Z", "id": "CVE-2024-31852", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T21:06:04.794Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.200Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/llvm/llvm-project/issues/80287", "tags": ["x_transferred"]}, {"url": "https://llvm.org/docs/Security.html", "tags": ["x_transferred"]}, {"url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69", "tags": ["x_transferred"]}, {"url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/llvm/llvm-project/issues/80287", "tags": ["x_transferred"]}, {"url": "https://llvm.org/docs/Security.html", "tags": ["x_transferred"]}, {"url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69", "tags": ["x_transferred"]}, {"url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.200Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31852", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-31T18:46:21.677158Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T18:46:27.295Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/llvm/llvm-project/issues/80287"}, {"url": "https://llvm.org/docs/Security.html"}, {"url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69"}, {"url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"}], "descriptions": [{"lang": "en", "value": "LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-05T14:36:24.043759"}}}, "cveMetadata": {"cveId": "CVE-2024-31852", "state": "PUBLISHED", "dateUpdated": "2024-12-04T21:06:04.794Z", "dateReserved": "2024-04-05T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-05T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\""}, {"lang": "es", "value": "LLVM anterior a 18.1.3 genera c\u00f3digo en el que el registro LR se puede sobrescribir sin que los datos se guarden en la pila y, por lo tanto, a veces puede haber un error explotable en el flujo de control. Esto afecta el backend de ARM y se puede demostrar con Clang. NOTA: la perspectiva del proveedor es \"no tenemos fuertes objeciones para que se cree un CVE... Parece que la probabilidad de que esta mala compilaci\u00f3n permita un exploit sigue siendo muy baja, porque la mala compilaci\u00f3n que resulta en este dispositivo JOP es tal que \"Es m\u00e1s probable que la funci\u00f3n falle en la mayor\u00eda de las entradas v\u00e1lidas de la funci\u00f3n. Por lo tanto, si esta funci\u00f3n est\u00e1 cubierta por alguna prueba, lo m\u00e1s probable es que se descubra la mala compilaci\u00f3n antes de que el binario se env\u00ede a producci\u00f3n\"."}], "id": "CVE-2024-31852", "lastModified": "2024-12-04T21:15:23.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-05T15:15:08.270", "references": [{"source": "cve@mitre.org", "url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69"}, {"source": "cve@mitre.org", "url": "https://github.com/llvm/llvm-project/issues/80287"}, {"source": "cve@mitre.org", "url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"}, {"source": "cve@mitre.org", "url": "https://llvm.org/docs/Security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.chromium.org/p/llvm/issues/detail?id=69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/llvm/llvm-project/issues/80287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://llvm.org/docs/Security.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "llvm: LR register can be overwritten without data being saved to the stack on ARM", "id": "2273715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273715"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-440", "details": ["LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\"", "A miscompile flaw was found in LLVM. In certain conditions, the LR register can be overwritten without data being saved to the stack, which can lead to an exploitable error in the compiled code. This affects the ARM backend and can be demonstrated with Clang."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-31852", "package_state": [{"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Affected", "package_name": "llvm-toolset-15.0-llvm", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "llvm-toolset:rhel8/llvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "llvm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-31852\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31852"], "statement": "The vulnerability in LLVM, where the Link Register (LR) in ARM architecture can be overwritten without proper stack preservation, is assessed as a moderate severity issue. While overwriting the LR can lead to control-flow manipulation and potential code execution, its impact is mitigated by several factors. Firstly, successful exploitation requires precise knowledge of the target system's memory layout and execution context, making it less straightforward for attackers. Secondly, modern operating systems and runtime environments often have protections in place, such as address space layout randomization (ASLR) and stack canaries, which can make exploitation more challenging. Lastly, the issue primarily affects the ARM backend, limiting its impact to ARM-based systems, which may not be as prevalent as other architectures in certain deployment scenarios.", "threat_severity": "Moderate"}