Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2024-45056

Medium priority
Not affected

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number...

21 affected packages

llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm-toolchain-10 Not in release Not in release Not affected Not affected
llvm-toolchain-11 Not in release Not affected Not affected
llvm-toolchain-12 Not in release Not affected Not affected
llvm-toolchain-13 Not in release Not affected Not in release
llvm-toolchain-14 Not affected Not affected Not in release
llvm-toolchain-15 Not affected Not affected Not in release
llvm-toolchain-16 Not affected Not in release Not in release
llvm-toolchain-17 Not affected Not in release Not in release
llvm-toolchain-18 Not affected Not in release Not in release
llvm-toolchain-19 Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not affected
llvm-toolchain-3.6 Not in release Not in release Not in release Not affected
llvm-toolchain-3.7 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release Not affected
llvm-toolchain-3.9 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-4.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-5.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-6.0 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-7 Not in release Not in release Not affected Not affected
llvm-toolchain-8 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-9 Not in release Not in release Not affected Not affected
Show all 21 packages Show less packages

CVE-2024-31852

Low priority
Needs evaluation

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can...

15 affected packages

llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm-toolchain-10 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-11 Not in release Needs evaluation Needs evaluation
llvm-toolchain-12 Not in release Needs evaluation Needs evaluation
llvm-toolchain-3.5 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-3.6 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-3.7 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-3.8 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-3.9 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-4.0 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-5.0 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-6.0 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
llvm-toolchain-7 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-8 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
llvm-toolchain-9 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-snapshot Not in release Not in release Not in release
Show all 15 packages Show less packages

CVE-2023-46049

Medium priority
Not affected

** DISPUTED ** LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between...

14 affected packages

llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm-toolchain-10 Not in release Not in release Not affected Not affected
llvm-toolchain-11 Not in release Not affected Not affected
llvm-toolchain-12 Not in release Not affected Not affected
llvm-toolchain-3.5 Not in release Not in release Not in release Not affected
llvm-toolchain-3.6 Not in release Not in release Not in release Not affected
llvm-toolchain-3.7 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release Not affected
llvm-toolchain-3.9 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-4.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-5.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-6.0 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-7 Not in release Not in release Not affected Not affected
llvm-toolchain-8 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-9 Not in release Not in release Not affected Not affected
Show all 14 packages Show less packages

CVE-2023-26924

Negligible priority
Ignored

** DISPUTED ** LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can...

18 affected packages

llvm, llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.3...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm Not in release Not in release Not in release Ignored
llvm-toolchain-10 Not in release Not affected Not affected Not in release
llvm-toolchain-11 Not affected Not affected Not in release Not in release
llvm-toolchain-12 Not affected Not affected Not in release Not in release
llvm-toolchain-3.3 Not in release Not in release Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not affected
llvm-toolchain-3.6 Not in release Not in release Not in release Not affected
llvm-toolchain-3.7 Not in release Not in release Not affected Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release Not affected
llvm-toolchain-3.9 Not in release Not in release Not affected Not affected
llvm-toolchain-4.0 Not in release Not in release Not affected Not affected
llvm-toolchain-5.0 Not in release Not in release Not affected Not affected
llvm-toolchain-6.0 Not in release Not affected Not affected Not affected
llvm-toolchain-7 Not in release Not affected Not affected Not in release
llvm-toolchain-8 Not in release Not affected Not affected Not affected
llvm-toolchain-9 Not in release Not affected Not affected Not in release
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release Not in release
Show all 18 packages Show less packages

CVE-2020-13844

Medium priority

Some fixes available 3 of 193

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka...

54 affected packages

gcc-10, gcc-3.3, gcc-4.4, gcc-4.6, gcc-4.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gcc-10 Not affected Not affected Fixed Not in release Not in release
gcc-3.3 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-4.4 Not in release Not in release Not in release Not in release Not in release
gcc-4.6 Not in release Not in release Not in release Not in release Not in release
gcc-4.7 Not in release Not in release Not in release Not in release Vulnerable
gcc-4.7-armel-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.7-armhf-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8 Not in release Not in release Not in release Vulnerable Vulnerable
gcc-4.8-arm64-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8-armhf-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8-powerpc-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8-ppc64el-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.9 Not in release Not in release Not in release Not in release Vulnerable
gcc-5 Not in release Not in release Not in release Not affected Not affected
gcc-5-cross Not in release Not in release Not in release Vulnerable Vulnerable
gcc-6 Not in release Not in release Not in release Vulnerable Not in release
gcc-6-cross Not in release Not in release Not in release Vulnerable Not in release
gcc-6-cross-ports Not in release Not in release Not in release Vulnerable Not in release
gcc-7 Not in release Not in release Vulnerable Vulnerable Not in release
gcc-7-cross Not in release Not in release Not in release Vulnerable Not in release
gcc-7-cross-ports Not in release Not in release Not in release Vulnerable Not in release
gcc-8 Not in release Not in release Vulnerable Vulnerable Not in release
gcc-8-cross Not in release Not in release Vulnerable Vulnerable Not in release
gcc-8-cross-ports Not in release Not in release Vulnerable Vulnerable Not in release
gcc-9 Not affected Not affected Fixed Not in release Not in release
gcc-9-cross Not affected Not affected Fixed Not in release Not in release
gcc-9-cross-ports Vulnerable Vulnerable Vulnerable Not in release Not in release
gcc-arm-linux-androideabi Not in release Not in release Not in release Not in release Vulnerable
gcc-arm-none-eabi Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-avr Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-defaults Not affected Not affected Not affected Not affected Not affected
gcc-defaults-arm64-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armel-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armhf-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-powerpc-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-ppc64el-cross Not in release Not in release Not in release Not in release Not in release
gcc-h8300-hms Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-i686-linux-android Not in release Not in release Not in release Not in release Vulnerable
gcc-m68hc1x Not in release Vulnerable Vulnerable Vulnerable Vulnerable
gcc-mingw-w64 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-msp430 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
gcc-opt Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-snapshot Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gccgo-4.9 Not in release Not in release Not in release Not in release Not in release
gccgo-6 Not in release Not in release Not in release Not in release Not affected
llvm-toolchain-3.3 Not in release Not in release Not in release Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not in release Vulnerable
llvm-toolchain-3.6 Not in release Not in release Not in release Not in release Vulnerable
llvm-toolchain-3.7 Not in release Not in release Not in release Vulnerable Vulnerable
llvm-toolchain-3.8 Not in release Not in release Not in release Not in release Vulnerable
llvm-toolchain-3.9 Not in release Not in release Not in release Vulnerable Vulnerable
llvm-toolchain-4.0 Not in release Not in release Not in release Vulnerable Vulnerable
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release Not in release
Show all 54 packages Show less packages

CVE-2015-3027

Low priority
Ignored

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard...

7 affected packages

llvm, llvm-toolchain-3.2, llvm-toolchain-3.3, llvm-toolchain-3.4, llvm-toolchain-3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm Not in release Not in release
llvm-toolchain-3.2 Not in release Not in release
llvm-toolchain-3.3 Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release
llvm-toolchain-3.5 Not in release Ignored
llvm-toolchain-3.6 Not in release Ignored
llvm-toolchain-snapshot Not in release Not in release
Show all 7 packages Show less packages

CVE-2015-2305

Medium priority

Some fixes available 29 of 83

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to...

23 affected packages

alpine, clamav, cups, efl, haskell-regex-posix...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
alpine Not affected Not affected Not affected Not affected Not affected
clamav Fixed Fixed Fixed Fixed Fixed
cups Not affected Not affected Not affected Not affected Not affected
efl Not affected Not affected Not affected Not affected Not affected
haskell-regex-posix Not affected Not affected Not affected Not affected Not affected
knews Not affected Not affected Not affected Not affected Not affected
librcsb-core-wrapper Not affected Not affected Not affected Not affected Not affected
llvm-toolchain-3.4 Not in release Not in release Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not in release Not affected
llvm-toolchain-3.6 Not in release Not in release Not in release Not in release Not affected
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release Not in release
newlib Not affected Not affected Not affected Not affected Not affected
nvi Not affected Not affected Not affected Not affected Vulnerable
olsrd Not in release Not in release Not in release Not affected Not affected
openrpt Not in release Not in release Not in release Vulnerable Vulnerable
php5 Not in release Not in release Not in release Not in release Not in release
ptlib Not in release Not in release Not in release Not affected Not affected
radare2 Not affected Not in release Not affected Not affected Vulnerable
sma Not affected Not affected Not affected Not affected Not affected
vigor Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not affected Not affected
yap Not in release Not in release Not in release Not affected Not affected
z88dk Not in release Not in release Not in release Not in release Not affected
Show all 23 packages Show less packages

CVE-2014-2893

Low priority
Ignored

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.

6 affected packages

llvm-toolchain-3.2, llvm-toolchain-3.3, llvm-toolchain-3.4, llvm-toolchain-3.5, llvm-toolchain-3.6, llvm-toolchain-snapshot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm-toolchain-3.2 Not in release Not in release
llvm-toolchain-3.3 Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release
llvm-toolchain-3.5 Not in release Not affected
llvm-toolchain-3.6 Not in release Not affected
llvm-toolchain-snapshot Not in release Not in release
Show less packages