CVE Tools
Sign in

CVE-2024-31852

Published: Apr 5, 2024Updated: Dec 4, 2024 Sources: CVE List NVD BDU
NVD MITRE
5.9CVSSMEDIUM
EPSS Score
1.0%
Top 42.0%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production."

CVSS Vector Breakdown

AV:NAC:HPR:NUI:NS:UC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:HAttack Complexity
High
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Affected Products

LLVMLLVM Foundation
On-prem
DevTools & CI / build-test-tools
n/an/a
llvm foundationoss-projectDevTools & CIaka llvm

Exploitability

Official Patch Available

References

https://vuldb.com/ru/?id.259502
vuldb.com
https://bugs.chromium.org/p/llvm/issues/detail?id=69
bugs.chromium.org
https://github.com/llvm/llvm-project/issues/80287
github.com
and 5 more references View all →

Timeline

Published
Apr 5, 2024
Last Updated
Dec 4, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-31852 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows