CVE-2022-31104: Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
CVSS Score: 4.8 (CVSS 3.1)
Basic Information
CVE ID: CVE-2022-31104
GHSA ID
EPSS Score: 0.69728%
CWE
Published: 6/29/2022
Updated: 3/14/2024
KEV Status: No
Technology: Rust
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| wasmtime | rust | < 0.38.1 | 0.38.1 |
| cranelift-codegen | rust | < 0.85.1 | 0.85.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from two distinct issues in Cranelift's x64 backend:
- For swizzle: The implementation incorrectly modified the mask input register (originally a read-only value), violating register handling conventions. This matches the pattern shown in PR #4318 where input registers were improperly cast as writable.
- For select: The `XmmCmove` instruction handling used `OperandSize::Size32`/`Size64` instead of proper 128-bit handling, as shown in PR #4317. When the condition was zero, this led to partial register moves (only the low 32 bits) instead of full 128-bit moves.

Both functions are explicitly referenced in the vulnerability description, and their fixes directly address these specific code paths in the x64 instruction lowering logic.
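The two faults described above can be reproduced in a small software model and compared against the WebAssembly reference semantics. This is an added example, not Cranelift's code or code from the advisory; the function names, the `pshufb`-style lowering with a saturating add of `0x70`, and the stale destination contents (`0xff`) are assumptions made for illustration.

```rust
// Added illustration: a software model of the two faults, not Cranelift code.
type V128 = [u8; 16];

/// Wasm semantics of i8x16.swizzle: an index of 16 or more selects zero.
fn swizzle_ref(a: &V128, idx: &V128) -> V128 {
    let mut out = [0u8; 16];
    for i in 0..16 {
        if idx[i] < 16 { out[i] = a[idx[i] as usize]; }
    }
    out
}

/// Assumed pshufb-style lowering: saturating-add 0x70 so out-of-range indices
/// get their top bit set, then shuffle. `clobber` writes the adjusted mask
/// back into the input register, which is the fault being modelled.
fn swizzle_lowered(a: &V128, mask_reg: &mut V128, clobber: bool) -> V128 {
    let mut tmp = *mask_reg;
    for b in tmp.iter_mut() { *b = b.saturating_add(0x70); }
    let mut out = [0u8; 16];
    for i in 0..16 {
        if tmp[i] & 0x80 == 0 { out[i] = a[(tmp[i] & 0x0f) as usize]; }
    }
    if clobber { *mask_reg = tmp; }
    out
}

/// Wasm semantics of select with v128 operands.
fn select_ref(a: V128, b: V128, cond: i32) -> V128 {
    if cond != 0 { a } else { b }
}

/// Faulty move modelled: when cond == 0 only the low `width` bytes of `b`
/// are copied; the rest of `dst` keeps whatever the register held before.
fn select_partial(a: V128, b: V128, cond: i32, mut dst: V128, width: usize) -> V128 {
    if cond != 0 { return a; }
    dst[..width].copy_from_slice(&b[..width]);
    dst
}

fn main() {
    let a: V128 = std::array::from_fn(|i| 0xa0 + i as u8); // constructed input
    let idx: V128 = std::array::from_fn(|i| (15 - i) as u8); // byte reversal
    let mut reg = idx;
    let first = swizzle_lowered(&a, &mut reg, true);
    let second = swizzle_lowered(&a, &mut reg, true); // mask register reused
    println!("swizzle: first ok={} reuse ok={}", first == swizzle_ref(&a, &idx), second == first);
    let got = select_partial(a, [0x11; 16], 0, [0xff; 16], 4); // 32-bit move
    println!("select cond=0 ok={}", got == select_ref(a, [0x11; 16], 0));
}
```

In this model the first swizzle is correct and only a later reuse of the clobbered mask goes wrong, which is why a regression test for this class of bug has to read the mask value again after the instruction rather than check the swizzle result alone.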