What is the severity of CVE-2024-31852?

CVE-2024-31852 is considered a critical vulnerability due to the potential for control flow errors that may lead to exploitability.

How do I fix CVE-2024-31852?

To mitigate CVE-2024-31852, update LLVM and Clang to version 18.1.3 or later.

Which versions of LLVM are affected by CVE-2024-31852?

CVE-2024-31852 affects all versions of LLVM prior to 18.1.3.

Are there any specific platforms affected by CVE-2024-31852?

CVE-2024-31852 impacts the ARM backend of LLVM and Clang.

What type of systems are vulnerable to CVE-2024-31852?

Systems utilizing LLVM or Clang versions before 18.1.3, specifically on ARM architectures, are vulnerable to CVE-2024-31852.

Vulnerability/
CVE-2024-31852

medium

5.9

EPSS

0.045%

5/4/2024

4/12/2024

CVE-2024-31852

First published: Fri Apr 05 2024(Updated: )

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
LLVM	<18.1.3
Clang	<18.1.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-31852?
CVE-2024-31852 is considered a critical vulnerability due to the potential for control flow errors that may lead to exploitability.
How do I fix CVE-2024-31852?
To mitigate CVE-2024-31852, update LLVM and Clang to version 18.1.3 or later.
Which versions of LLVM are affected by CVE-2024-31852?
CVE-2024-31852 affects all versions of LLVM prior to 18.1.3.
Are there any specific platforms affected by CVE-2024-31852?
CVE-2024-31852 impacts the ARM backend of LLVM and Clang.
What type of systems are vulnerable to CVE-2024-31852?
Systems utilizing LLVM or Clang versions before 18.1.3, specifically on ARM architectures, are vulnerable to CVE-2024-31852.

agent/references
agent/description
agent/first-publish-date
agent/type
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/event
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/llvm
canonical/llvm
vendor/clang
canonical/clang

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.