{"id":"CVE-2024-31852","details":"LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is \"we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production.\"","modified":"2026-04-12T20:05:59.583654Z","published":"2024-04-05T15:15:08.270Z","references":[{"type":"WEB","url":"https://bugs.chromium.org/p/llvm/issues/detail?id=69"},{"type":"WEB","url":"https://llvm.org/docs/Security.html"},{"type":"REPORT","url":"https://github.com/llvm/llvm-project/issues/80287"},{"type":"FIX","url":"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/llvm/llvm-project","events":[{"introduced":"0"},{"fixed":"c13b7485b87909fcf739f62cfa382b55407433c0"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"18.1.3"}]}},{"type":"GIT","repo":"https://github.com/llvmbot/llvm-project","events":[{"introduced":"0"},{"fixed":"0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2"}]}],"versions":["llvmorg-10-init","llvmorg-11-init","llvmorg-12-init","llvmorg-13-init","llvmorg-14-init","llvmorg-15-init","llvmorg-16-init","llvmorg-17-init","llvmorg-18-init","llvmorg-18.1.0","llvmorg-18.1.0-rc1","llvmorg-18.1.0-rc2","llvmorg-18.1.0-rc3","llvmorg-18.1.0-rc4","llvmorg-18.1.1","llvmorg-18.1.2","studio-1.4"],"database_specific":{"vanir_signatures_modified":"2026-04-12T20:05:59Z","vanir_signatures":[{"id":"CVE-2024-31852-1b2f1658","deprecated":false,"target":{"file":"clang/lib/Sema/SemaDecl.cpp","function":"Sema::DiagnoseShadowingLambdaDecls"},"signature_type":"Function","digest":{"length":661,"function_hash":"54210210702493145190645236580885974001"},"source":"https://github.com/llvm/llvm-project/commit/c13b7485b87909fcf739f62cfa382b55407433c0","signature_version":"v1"},{"id":"CVE-2024-31852-37f68a2b","deprecated":false,"target":{"file":"clang/include/clang/Sema/ScopeInfo.h"},"signature_type":"Line","digest":{"line_hashes":["121695522519665525926610151121875702509","177813450041332089971052832782563408636","270286072785656284913999371556910820979","145772467512792817344807998265727079616","40488896316332151667512104416055868446"],"threshold":0.9},"source":"https://github.com/llvm/llvm-project/commit/c13b7485b87909fcf739f62cfa382b55407433c0","signature_version":"v1"},{"id":"CVE-2024-31852-4729bac6","deprecated":false,"target":{"file":"llvm/lib/Target/ARM/ARMFrameLowering.h"},"signature_type":"Line","digest":{"line_hashes":["263727050855336723214702721639646230815","338661521335189763468359639375733185610","222764381900028030013161160196811858611"],"threshold":0.9},"source":"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2","signature_version":"v1"},{"id":"CVE-2024-31852-601c3b3e","deprecated":false,"target":{"file":"clang/lib/Sema/SemaDecl.cpp"},"signature_type":"Line","digest":{"line_hashes":["91435288572159140673604087140088704865","60595000793907335208237528006181894499","81246268898852584397373637365995114641","12966949557758990523458051877827327793","312614693179397280507014919761561370058","171693201888983937631366761565053325549","288468743252935033992033123555283595313","271161800986016484171222072245905400122","103940322508271299547962670881558613228","10135203245374937469725355087472595701","141816724252887940589846747154029630319","329284555271103538031512502934458229588","314945016070787031949304907406154010706","73795432132172204987561770641335538826","18241795241896258393951112393464153520","324678086420977339913819431767002152818","246366175408565920344069863017515870218","6425702704167231857971357785892148660","318676150208217114248308412658880502569","225386210287659981795640714238854176288","63540883665284814711237897895575946133","30103516362247607827635677178992156115","52402595661331567993091525777527888957","127805555321790760525264467347833395642","3555454874163405287023313756932363889","89541331816960903311171902828191751029","35562452605510776776837426958802660732","103752125664474910961691897097682103123","263461059513755621779014653582325480490","109862694046425584484089680983526293475","272917106648733788745504361934622468634","178905699879263853777645015117117095881","122611921716209793925442987154652883453","77019705425720189940723220541881551209","186795559406486653460907266281792750738"],"threshold":0.9},"source":"https://github.com/llvm/llvm-project/commit/c13b7485b87909fcf739f62cfa382b55407433c0","signature_version":"v1"},{"id":"CVE-2024-31852-627abe6b","deprecated":false,"target":{"file":"llvm/lib/Target/ARM/ARMFrameLowering.cpp","function":"ARMFrameLowering::processFunctionBeforeFrameFinalized"},"signature_type":"Function","digest":{"length":748,"function_hash":"73404285676738893015762700050352828765"},"source":"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2","signature_version":"v1"},{"id":"CVE-2024-31852-6333720d","deprecated":false,"target":{"file":"llvm/lib/Target/ARM/ARMFrameLowering.cpp"},"signature_type":"Line","digest":{"line_hashes":["265396403827744709753340007848399007950","49940269832124947600278244315797545189","17478611451566763822165439623865914760","209439641663065836104846623128826102110","332882063965343746051776692655721200312","273489715330268535590677568628668002994","95994793136022703434935340511358603300","209944497273777593380797853584218298710","85108495606792866608053427659888107974"],"threshold":0.9},"source":"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2","signature_version":"v1"},{"id":"CVE-2024-31852-6d0e6301","deprecated":false,"target":{"file":"llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp"},"signature_type":"Line","digest":{"line_hashes":["139400838949772341568642862127766024589","40135402682672961640225337636555974013","252677714685435878831939776807646057092","232694490365100391273184275600372081997","68234156437327767975307735129801407462","211889732719358204229800160894706858795","130150188875852060020832006673493996144","170145326921393847927950279753823393291","195914349568886285658548326064081607336","63023319149774050960125992398873200987","102715412356406950219770955940244365114","15362434203787557402918574295999638423","275240707835296085037501450936913597392","107667869678680336114860712381213343260","171387685097384633778659724188669004137","200435280355266918551004663615097268063","281255735761476042801819148967952881103","185154442047100131982995347613015912851","98966064383053373361210821037095072500","337441876872040026195600000125352828708","266646184066719595896113176259077053616","154282124736809496210014140182972946366"],"threshold":0.9},"source":"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2","signature_version":"v1"},{"id":"CVE-2024-31852-9cd1e164","deprecated":false,"target":{"file":"llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp","function":"ARMLoadStoreOpt::runOnMachineFunction"},"signature_type":"Function","digest":{"length":735,"function_hash":"133099328702317132762878207769385535974"},"source":"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2","signature_version":"v1"},{"id":"CVE-2024-31852-a52e72cf","deprecated":false,"target":{"file":"clang/lib/Sema/SemaDecl.cpp","function":"Sema::CheckShadow"},"signature_type":"Function","digest":{"length":2192,"function_hash":"339118865025015256570547774295760199484"},"source":"https://github.com/llvm/llvm-project/commit/c13b7485b87909fcf739f62cfa382b55407433c0","signature_version":"v1"},{"id":"CVE-2024-31852-fef23083","deprecated":false,"target":{"file":"llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp","function":"ARMLoadStoreOpt::MergeReturnIntoLDM"},"signature_type":"Function","digest":{"length":1498,"function_hash":"319680767746082854522444621428196790404"},"source":"https://github.com/llvmbot/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31852.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}