PT-2023-21154 · Wasmtime · Wasmtime

Afonso360 · Published 2023-03-03 · Updated 2023-03-15 · CVE-2023-27477

CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

wasmtime versions prior to 4.0.1
wasmtime versions prior to 5.0.1
wasmtime versions prior to 6.0.1

Description

The code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the pshufb instruction which causes incorrect results to be returned if lanes are selected from the second vector. This bug may cause guest programs to behave unexpectedly due to the incorrect result of this instruction. In extreme cases, if a guest program is handling untrusted input, then the guest program may deviate from its intended execution.

Recommendations

For versions prior to 4.0.1, upgrade to version 4.0.1 or later.
For versions prior to 5.0.1, upgrade to version 5.0.1 or later.
For versions prior to 6.0.1, upgrade to version 6.0.1 or later.
As a temporary workaround, consider disabling the Wasm simd proposal by setting config.wasm_simd to false.
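
An added example, not part of the advisory or of the Wasmtime project: a small Rust check that reads Cargo.lock text and reports locked wasmtime versions that fall in the affected ranges listed above, together with the release to upgrade to. The function names and the sample lockfile are constructed for illustration, and the ranges are read literally from this page.

```rust
// Added example: flag wasmtime entries in a Cargo.lock that fall in the affected ranges.

/// Parse "MAJOR.MINOR.PATCH"; a pre-release or build suffix is ignored (simplification).
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let v = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(v) }
}

/// Fixed release to upgrade to, or None when the version is not in an affected range.
fn fixed_release(v: (u64, u64, u64)) -> Option<&'static str> {
    match v.0 {
        0..=4 if v < (4, 0, 1) => Some("4.0.1"),
        5 if v < (5, 0, 1) => Some("5.0.1"),
        6 if v < (6, 0, 1) => Some("6.0.1"),
        _ => None,
    }
}

/// Scan Cargo.lock text; return (locked version, fixed release) for each affected entry.
fn affected_wasmtime(lock: &str) -> Vec<(String, &'static str)> {
    let (mut hits, mut is_wasmtime) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            is_wasmtime = false; // a new package entry starts
        } else if let Some(name) = line.strip_prefix("name = ") {
            is_wasmtime = name.trim_matches('"') == "wasmtime";
        } else if let Some(ver) = line.strip_prefix("version = ").filter(|_| is_wasmtime) {
            let ver = ver.trim_matches('"');
            if let Some(fix) = parse_version(ver).and_then(fixed_release) {
                hits.push((ver.to_string(), fix));
            }
        }
    }
    hits
}

// Constructed sample lockfile contents, not taken from any real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "anyhow"
version = "1.0.69"
[[package]]
name = "wasmtime"
version = "6.0.0"
"#;

fn main() {
    for (ver, fix) in affected_wasmtime(SAMPLE_LOCK) {
        println!("wasmtime {} is in an affected range; upgrade to {} or later", ver, fix);
    }
}
```
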

Related Identifiers

AZL-25857
CVE-2023-27477
GHSA-XM67-587Q-R2VW
RUSTSEC-2023-0093

Affected Products

Wasmtime