CVE-2022-31169
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Public Exploits: 0
Exploited in Wild: -
Descriptions
Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. The translation rules for constants did not take into account whether sign or zero-extension should happen which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs. This bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds.
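As an added illustration (not code from Wasmtime or Cranelift), the Rust model below shows why the extension chosen for a constant divisor changes the quotient. It assumes a 32-bit divide carried out on 64-bit registers with the result truncated to 32 bits; `Extend`, `materialize`, `udiv32` and `sdiv32` are hypothetical names, and the sample constants are constructed.

```rust
/// How a narrow constant is widened into a (modelled) 64-bit register.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Extend { Zero, Sign }

/// Place a 32-bit constant into a 64-bit register using the given extension.
fn materialize(bits: u32, ext: Extend) -> u64 {
    match ext {
        Extend::Zero => bits as u64,
        Extend::Sign => bits as i32 as i64 as u64,
    }
}

/// Unsigned 32-bit division done on 64-bit registers (assumed model).
/// Correct only when the constant divisor is zero-extended.
/// Returns None for a zero divisor, where WebAssembly traps.
fn udiv32(dividend: u32, divisor_bits: u32, const_ext: Extend) -> Option<u32> {
    if divisor_bits == 0 { return None; }
    let lhs = materialize(dividend, Extend::Zero);
    let rhs = materialize(divisor_bits, const_ext);
    Some((lhs / rhs) as u32)
}

/// Signed 32-bit division done on 64-bit registers (assumed model).
/// Correct only when the constant divisor is sign-extended.
fn sdiv32(dividend: i32, divisor_bits: u32, const_ext: Extend) -> Option<i32> {
    if divisor_bits == 0 { return None; }
    let lhs = materialize(dividend as u32, Extend::Sign) as i64;
    let rhs = materialize(divisor_bits, const_ext) as i64;
    Some((lhs / rhs) as i32)
}

fn main() {
    // Constructed sample constants: only those with bit 31 set diverge.
    for &c in &[7u32, 0x8000_0000, 0xFFFF_FFFE] {
        println!(
            "u32::MAX udiv {:#010x}: zext={:?} sext={:?}",
            c, udiv32(u32::MAX, c, Extend::Zero), udiv32(u32::MAX, c, Extend::Sign)
        );
        println!(
            "10 sdiv {:#010x}: sext={:?} zext={:?}",
            c, sdiv32(10, c, Extend::Sign), sdiv32(10, c, Extend::Zero)
        );
    }
}
```

Constants with bit 31 clear give the same quotient under either extension, which is why a differential test for this class of bug needs divisors with the top bit set.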
Timeline
- 2022-05-18 CVE Reserved
- 2022-07-21 CVE Published
- 2024-02-11 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-682: Incorrect Calculation
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7f6x-jwh5-m9r4 | Third Party Advisory |

URL | Date | SRC |
---|---|---|
https://github.com/bytecodealliance/wasmtime/commit/2ba4bce5cc719e5a74e571a534424614e62ecc41 | 2022-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Bytecodealliance | Cranelift-codegen | < 0.85.1 | rust | Affected |
Bytecodealliance | Wasmtime | < 0.38.1 | rust | Affected |