CVE-2023-29932: llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component...
CVSS Score: 5.5 (CVSS 3.1)
Basic Information
CVE ID:
GHSA ID:
EPSS Score: 0.05598%
CWE:
Published: 5/5/2023
Updated: 1/29/2025
KEV Status: No
Technology: -
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability is a segmentation fault in MLIR's IROperand, observed at commit fdbc55a5. This commit refactored FileID handling in Clang's AST serialization. The analysis assumes that these changes in Clang introduced a subtle bug leading to corrupted FileID or source location information. When MLIR consumes this Clang-generated data, the corruption manifests as a crash. The identified functions are central to the new FileID handling logic introduced in commit fdbc55a5. While the crash occurs in MLIR, these Clang functions are hypothesized to be the origin of the bad data. The confidence is 'medium' because the link is indirect and relies on the assumption that commit fdbc55a5, which is marked NFCI (no functional change intended), introduced the defect.