Miggo Logo
Miggo Vulnerability Database
CVE-2023-29941

CVE-2023-29941: llvm-project commit a0138390 was discovered to contain a segmentation fault via the component...

5.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-29941
GHSA ID
GHSA-g8w2-r832-c3p7
EPSS Score
0.07366%
CWE
CWE-125
Published
5/5/2023
Updated
1/29/2025
KEV Status
No
Technology
-

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The primary evidence comes from the vulnerability description itself and the detailed stack trace provided in the linked GitHub issue #59988. The description pinpoints 'matchAndRewriteSortOpmlir::sparse_tensor::SortOp' as the vulnerable component. The stack trace further corroborates this and lists other functions in the direct call path leading to the crash, such as 'SortRewriter::matchAndRewrite' and 'getMangledSortHelperFunc'. Although the specific commit (a0138390) mentioned in the CVE is not the fixing commit and its diff is unrelated to MLIR, the issue report provides a clear path to the functions involved in the segmentation fault. The fixing commit (9c15789333801f73910f7aaac56f9e97f799899a) could not be fetched, so the analysis relies on the issue details and the initial vulnerability report. The file path is inferred based on common MLIR project structure and the nature of the functions (sparse tensor transformations).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

llvm-proj**t *ommit ******** w*s *is*ov*r** to *ont*in * s**m*nt*tion **ult vi* t** *ompon*nt m*t***n*R*writ*SortOp<mlir::sp*rs*_t*nsor::SortOp>(mlir::sp*rs*_t*nsor::SortOp.

Reasoning

T** prim*ry *vi**n** *om*s *rom t** vuln*r**ility **s*ription its*l* *n* t** **t*il** st**k tr*** provi*** in t** link** *it*u* issu* #*****. T** **s*ription pinpoints 'm*t***n*R*writ*SortOp<mlir::sp*rs*_t*nsor::SortOp>' *s t** vuln*r**l* *ompon*nt.