PT-2024-4418 · Clang+2

Published: 2024-02-01 · Updated: 2024-12-04 · CVE-2024-31852

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: LLVM versions prior to 18.1.3
Description: The issue is a memory buffer overflow in the handling of the LR (link) register, caused by incorrect code generation. This can lead to an exploitable error in control flow, potentially allowing a remote attacker to execute arbitrary code or cause a denial of service. The ARM backend is affected, and the issue can be demonstrated with Clang. The vendor notes that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile that produces this JOP gadget is likely to crash on most valid inputs to the function.
Recommendations: Update LLVM to version 18.1.3 or later to resolve the issue. As a temporary workaround, consider restricting use of the ARM backend to minimize the risk of exploitation. Additionally, ensure that testing covers the affected functions so that potential miscompiles are discovered before binaries ship to production.

Fix

Code Injection

Stack Overflow

Weakness Enumeration

Related Identifiers

AZL-39713
AZL-39728
AZL-39758
AZL-39776
AZL-39785
AZL-39791
AZL-39830
AZL-39842
AZL-49774
BDU:2024-04917
CVE-2024-31852
ECHO-0DC2-D323-A26E

Affected Products

Clang
Debian
LLVM