Bug 2456996 (CVE-2026-34944) - CVE-2026-34944 wasmtime: Wasmtime: Denial of Service due to out-of-bounds read during WebAssembly compilation
Summary: CVE-2026-34944 wasmtime: Wasmtime: Denial of Service due to out-of-bounds rea...
Keywords:
Status: NEW
Alias: CVE-2026-34944
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2457172
Blocks:
Reported: 2026-04-09 19:01 UTC by OSIDB Bzimport
Modified: 2026-04-09 22:53 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-04-09 19:01:50 UTC
Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, on x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in an uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but this data is not visible to WebAssembly guests. This vulnerability is fixed in 24.0.7, 36.0.7, 42.0.2, and 43.0.1.