CVE-2022-31169

Published: 22 July 2022

Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. The translation rules for constants did not take into account whether sign- or zero-extension should happen, which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs. This bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds.

Notes

Author: Note
tyhicks: mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur: starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap
rodrigo-zaiden: cranelift, the wasmtime code generator is included in firefox, thunderbird and mozjs families.

Priority

Medium

CVSS 3 Severity Score

7.5

Status

Package Release Status
firefox
bionic Ignored (end of standard support, was needed)
jammy Not vulnerable (code not present)
lunar Not vulnerable (code not present)
trusty Does not exist
upstream Needs triage
xenial Ignored (end of standard support)
focal Ignored (bundled deps handled by upstream in new versions)
kinetic Not vulnerable (code not present)
mantic Not vulnerable (code not present)

mozjs38
bionic Needs triage
focal Does not exist
jammy Does not exist
lunar Does not exist
trusty Does not exist
upstream Needs triage
xenial Does not exist
kinetic Does not exist
mantic Does not exist

mozjs52
bionic Needs triage
focal Needs triage
jammy Does not exist
lunar Does not exist
trusty Does not exist
upstream Needs triage
xenial Does not exist
kinetic Does not exist
mantic Does not exist

mozjs68
bionic Does not exist
focal Needs triage
jammy Does not exist
lunar Does not exist
trusty Does not exist
upstream Needs triage
xenial Does not exist
kinetic Does not exist
mantic Does not exist

mozjs78
trusty Does not exist
xenial Does not exist
bionic Does not exist
focal Does not exist
jammy Needs triage
upstream Needs triage
kinetic Ignored (end of life, was needs-triage)
mantic Does not exist
lunar Ignored (end of life, was needs-triage)

mozjs91
lunar Does not exist
bionic Does not exist
focal Does not exist
jammy Needs triage
trusty Does not exist
xenial Does not exist
upstream Needs triage
kinetic Does not exist
mantic Does not exist

thunderbird
bionic Ignored (end of standard support, was needed)
trusty Does not exist
upstream Needs triage
focal Ignored (bundled deps handled by upstream in new versions)
jammy Ignored (bundled deps handled by upstream in new versions)
kinetic Ignored (end of life, was needed)
xenial Ignored (end of standard support)
mantic Ignored (bundled deps handled by upstream in new versions)
lunar Ignored (end of life, was ignored [bundled deps handled by upstream in new versions])

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N