CVE-2023-26924

5.5 MEDIUM

📋 TL;DR

This CVE describes a segmentation fault vulnerability in LLVM's MLIR component when processing malicious input files. It primarily affects developers and systems using LLVM/MLIR for code compilation or analysis. Third parties dispute its classification as a security issue per LLVM's security policy.

💻 Affected Systems

Products:
  • LLVM
  • MLIR (Multi-Level Intermediate Representation)
Versions: LLVM versions containing commit a0dab4950 (specific version range not specified in CVE)
Operating Systems: All platforms running affected LLVM/MLIR
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when processing MLIR input files through the outlineSingleBlockRegion function.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Denial of service through application crash when processing specially crafted input files, potentially disrupting compilation pipelines or analysis tools.

🟠 Likely Case: Application instability or crashes when processing untrusted MLIR input files, requiring restart of affected compilation processes.

🟢 If Mitigated: Minimal impact if input validation and sandboxing prevent processing of untrusted files.

🌐 Internet-Facing: LOW - Requires processing of malicious input files, typically not exposed directly to internet.
🏢 Internal Only: MEDIUM - Could affect internal build systems or development tools processing untrusted code.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to supply malicious input files to vulnerable MLIR processing. References include proof-of-concept demonstration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check LLVM repository for fixes after commit a0dab4950

Vendor Advisory: https://github.com/llvm/llvm-project/issues/60216

Restart Required: Yes

Instructions:

1. Update LLVM to version containing fix.
2. Recompile any dependent applications.
3. Restart affected services.

🔧 Temporary Workarounds

Input validation and sandboxing (all platforms)

Validate and sanitize all MLIR input files before processing, and run compilation in isolated environments.

Disable vulnerable functionality (all platforms)

Avoid using the outlineSingleBlockRegion function with untrusted input.

🧯 If You Can't Patch

  • Implement strict input validation for all MLIR files
  • Run LLVM/MLIR processes in isolated containers or sandboxes

🔍 How to Verify

Check if Vulnerable:

Check LLVM version and commit history for inclusion of a0dab4950

Check Version:

llvm-config --version

Verify Fix Applied:

Verify LLVM version is updated beyond vulnerable commit, test with known malicious input files

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in LLVM/MLIR logs
  • Unexpected process termination during compilation

SIEM Query:

Process termination events from LLVM/MLIR executables with segmentation fault signals
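
The detection idea above, as an added example (not from the CVE record or the LLVM project): a wrapper that runs an MLIR tool as a child process and emits one JSON event per run, flagging termination by SIGSEGV. The command line comes from the caller, and the event field names are assumptions chosen for illustration.

```python
import json
import signal
import subprocess
import sys


def run_and_classify(argv, timeout=60):
    """Run a tool and return an event dict describing how it ended."""
    event = {"argv": list(argv), "outcome": "ok", "signal": None, "returncode": None}
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL, stderr=subprocess.PIPE,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        event["outcome"] = "timeout"  # the child is killed by subprocess.run
        return event
    except OSError as exc:
        event["outcome"] = "spawn_error"
        event["error"] = str(exc)
        return event
    event["returncode"] = proc.returncode
    if proc.returncode < 0:
        # On POSIX a negative return code means "killed by signal -returncode".
        try:
            name = signal.Signals(-proc.returncode).name
        except ValueError:
            name = "SIG%d" % -proc.returncode
        event["outcome"] = "crash"
        event["signal"] = name
    elif proc.returncode != 0:
        event["outcome"] = "error"  # ordinary diagnostic exit, not a crash
    # Keep only the tail of stderr so log events stay small.
    event["stderr_tail"] = proc.stderr.decode(errors="replace")[-500:]
    return event


def is_segfault(event):
    """True when the run ended with a segmentation fault."""
    return event["outcome"] == "crash" and event["signal"] == "SIGSEGV"


if __name__ == "__main__":
    # Usage: python wrapper.py <tool> <args...>  (tool and args are caller-supplied)
    result = run_and_classify(sys.argv[1:])
    print(json.dumps(result))  # one JSON line per run, for log shipping
    sys.exit(2 if is_segfault(result) else 0)
```

If the tool is launched through a shell instead, the same crash appears as exit status 139 (128 + 11) rather than a negative return code.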
