Search CVE reports
1 – 9 of 9 results
CVE-2024-7883
Low priorityWhen using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and...
9 affected packages
llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-11 | Not in release | Needs evaluation | Needs evaluation | — | — |
| llvm-toolchain-12 | Not in release | Needs evaluation | Needs evaluation | — | — |
| llvm-toolchain-13 | Not in release | Needs evaluation | Not in release | — | — |
| llvm-toolchain-14 | Needs evaluation | Needs evaluation | Not in release | — | — |
| llvm-toolchain-15 | Needs evaluation | Needs evaluation | Not in release | — | — |
| llvm-toolchain-16 | Needs evaluation | Not in release | Not in release | — | — |
| llvm-toolchain-17 | Needs evaluation | Not in release | Not in release | — | — |
| llvm-toolchain-18 | Needs evaluation | Not in release | Needs evaluation | — | — |
| llvm-toolchain-19 | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-45056
Medium priorityzksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number...
21 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | — |
| llvm-toolchain-11 | Not in release | Not affected | Not affected | — | — |
| llvm-toolchain-12 | Not in release | Not affected | Not affected | — | — |
| llvm-toolchain-13 | Not in release | Not affected | Not in release | — | — |
| llvm-toolchain-14 | Not affected | Not affected | Not in release | — | — |
| llvm-toolchain-15 | Not affected | Not affected | Not in release | — | — |
| llvm-toolchain-16 | Not affected | Not in release | Not in release | — | — |
| llvm-toolchain-17 | Not affected | Not in release | Not in release | — | — |
| llvm-toolchain-18 | Not affected | Not in release | Not affected | — | — |
| llvm-toolchain-19 | Not affected | Not in release | Not in release | — | — |
| llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Not affected |
| llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
| llvm-toolchain-6.0 | Not in release | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-7 | Not in release | Not in release | Not affected | Not affected | — |
| llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
| llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | — |
CVE-2023-29942
Low priorityllvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.
3 affected packages
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-13 | Not in release | Needs evaluation | Not in release | Not in release | Ignored |
| llvm-toolchain-14 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
| llvm-toolchain-15 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
CVE-2023-29941
Medium priorityllvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.
3 affected packages
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-13 | — | Not affected | Not in release | Not in release | Ignored |
| llvm-toolchain-14 | — | Not affected | Not in release | Not in release | Ignored |
| llvm-toolchain-15 | — | Not affected | Not in release | Not in release | Ignored |
CVE-2023-29939
Medium prioritySome fixes available 6 of 9
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).
3 affected packages
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-13 | — | Fixed | Not in release | Not in release | Ignored |
| llvm-toolchain-14 | — | Fixed | Not in release | Not in release | Ignored |
| llvm-toolchain-15 | — | Fixed | Not in release | Not in release | Ignored |
CVE-2023-29935
Low priorityllvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.
3 affected packages
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-13 | Not in release | Needs evaluation | Not in release | Not in release | Ignored |
| llvm-toolchain-14 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
| llvm-toolchain-15 | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
CVE-2023-29934
Medium prioritySome fixes available 6 of 9
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().
3 affected packages
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-13 | — | Fixed | Not in release | Not in release | Ignored |
| llvm-toolchain-14 | — | Fixed | Not in release | Not in release | Ignored |
| llvm-toolchain-15 | — | Fixed | Not in release | Not in release | Ignored |
CVE-2023-29933
Medium prioritySome fixes available 2 of 3
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.
3 affected packages
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-13 | — | Not affected | Not in release | Not in release | Ignored |
| llvm-toolchain-14 | — | Not affected | Not in release | Not in release | Ignored |
| llvm-toolchain-15 | — | Fixed | Not in release | Not in release | Ignored |
CVE-2023-29932
Medium prioritySome fixes available 6 of 9
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
3 affected packages
llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| llvm-toolchain-13 | — | Fixed | Not in release | Not in release | Ignored |
| llvm-toolchain-14 | — | Fixed | Not in release | Not in release | Ignored |
| llvm-toolchain-15 | — | Fixed | Not in release | Not in release | Ignored |