Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 05/04/2024 Updated: 08/04/2024

LLVM prior to 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production."

DescriptionA miscompile flaw was found in LLVM In certain conditions, the LR register can be overwritten without data being saved to the stack, which can lead to an exploitable error in the compiled code This affects the ARM backend and can be demonstrated with ClangA miscompile flaw was found in LLVM In certain conditions, the LR regist ...

https://github.com/llvm/llvm-project/issues/80287 https://llvm.org/docs/Security.html https://bugs.chromium.org/p/llvm/issues/detail?id=69 https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2024-31852

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-31852

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect