Cranelift vulnerable to miscompilation of constant values in division on AArch64

Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only affects the AArch64 platform. Other platforms are not affected. The translation rules for constants did not take into account whether sign or zero-extension should happen which resulted in an incorrect value being placed into a register when a division was encountered. The impact of this bug is that programs executing within the WebAssembly sandbox would not behave according to the WebAssembly specification. This means that it is hypothetically possible for execution within the sandbox to go awry and WebAssembly programs could produce unexpected results. This should not impact hosts executing WebAssembly but does affect the correctness of guest programs. This bug has been patched in Wasmtime version 0.38.2 and cranelift-codegen 0.85.2. There are no known workarounds.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

数值计算不正确

Wasmtime 安全漏洞

Wasmtime是一个字节码联盟项目，它是一个独立的仅用于 WebAssembly 和 WASI 的 wasm 优化运行时。 Wasmtime的代码生成器Cranelift存在安全漏洞，该漏洞源于基于AArch64平台中，其对常量的转换规则没有考虑是否应该发生符号或零扩展，这导致在遇到除法时将不正确的值放入寄存器。以下版本受到影响：Wasmtime 0.38.2及以前的版本、Cranlift 0.85.2及以前的版本。

N/A

N/A