CVE-2022-24791: 
Rust vulnerability analysis and mitigation

CVE-2022-24791 is a use-after-free vulnerability discovered in Wasmtime, a standalone JIT-style runtime for WebAssembly using Cranelift. The vulnerability was disclosed on March 31, 2022, affecting versions 0.34.0, 0.34.1, 0.35.0, and 0.35.1. The issue occurs when both running WebAssembly code that uses externrefs and enabling epoch interruption in Wasmtime (Wasmtime Advisory).

The vulnerability stems from Cranelift failing to emit stack maps when safepoints exist inside cold blocks. Cold blocks are emitted at the end of compiled functions and alter the order of block emission versus definition. This reordering caused Cranelift to skip emitting some stack maps because it expected to emit them in block definition order rather than block emission order. The issue specifically manifests when epoch interruption is enabled, which triggers the creation of cold blocks. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 HIGH (NVD).

When Wasmtime performs garbage collection, it fails to identify live references on the stack due to missing stack maps. This causes the system to incorrectly identify active references as unreferenced garbage and reclaim them prematurely. Subsequently, when the WebAssembly code attempts to use these reclaimed references, it results in a use-after-free condition, potentially leading to memory corruption and security vulnerabilities (Wasmtime Advisory).

The vulnerability has been patched in versions 0.34.2 and 0.35.2. For users unable to upgrade immediately, two workarounds are available: either disable the WebAssembly reference types proposal using config.wasm_reference_types(false), or disable epoch interruption using config.epoch_interruption(false) if it was previously enabled (Wasmtime Advisory).