Search CVE reports


Toggle filters

1 – 5 of 5 results


CVE-2024-45056

Medium priority
Not affected

zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number...

21 affected packages

llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm-toolchain-10 Not in release Not in release Not affected Not affected
llvm-toolchain-11 Not in release Not affected Not affected
llvm-toolchain-12 Not in release Not affected Not affected
llvm-toolchain-13 Not in release Not affected Not in release
llvm-toolchain-14 Not affected Not affected Not in release
llvm-toolchain-15 Not affected Not affected Not in release
llvm-toolchain-16 Not affected Not in release Not in release
llvm-toolchain-17 Not affected Not in release Not in release
llvm-toolchain-18 Not affected Not in release Not in release
llvm-toolchain-19 Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not affected
llvm-toolchain-3.6 Not in release Not in release Not in release Not affected
llvm-toolchain-3.7 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release Not affected
llvm-toolchain-3.9 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-4.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-5.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-6.0 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-7 Not in release Not in release Not affected Not affected
llvm-toolchain-8 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-9 Not in release Not in release Not affected Not affected
Show all 21 packages Show less packages

CVE-2024-31852

Low priority
Needs evaluation

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can...

15 affected packages

llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm-toolchain-10 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-11 Not in release Needs evaluation Needs evaluation
llvm-toolchain-12 Not in release Needs evaluation Needs evaluation
llvm-toolchain-3.5 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-3.6 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-3.7 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-3.8 Not in release Not in release Not in release Needs evaluation
llvm-toolchain-3.9 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-4.0 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-5.0 Not in release Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-6.0 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
llvm-toolchain-7 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-8 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
llvm-toolchain-9 Not in release Not in release Needs evaluation Needs evaluation
llvm-toolchain-snapshot Not in release Not in release Not in release
Show all 15 packages Show less packages

CVE-2023-46049

Medium priority
Not affected

** DISPUTED ** LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between...

14 affected packages

llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm-toolchain-10 Not in release Not in release Not affected Not affected
llvm-toolchain-11 Not in release Not affected Not affected
llvm-toolchain-12 Not in release Not affected Not affected
llvm-toolchain-3.5 Not in release Not in release Not in release Not affected
llvm-toolchain-3.6 Not in release Not in release Not in release Not affected
llvm-toolchain-3.7 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release Not affected
llvm-toolchain-3.9 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-4.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-5.0 Not in release Not in release Not in release Not affected Not affected
llvm-toolchain-6.0 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-7 Not in release Not in release Not affected Not affected
llvm-toolchain-8 Not in release Not in release Not affected Not affected Not affected
llvm-toolchain-9 Not in release Not in release Not affected Not affected
Show all 14 packages Show less packages

CVE-2023-26924

Negligible priority
Ignored

** DISPUTED ** LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can...

18 affected packages

llvm, llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.3...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
llvm Not in release Not in release Not in release Ignored
llvm-toolchain-10 Not in release Not affected Not affected Not in release
llvm-toolchain-11 Not affected Not affected Not in release Not in release
llvm-toolchain-12 Not affected Not affected Not in release Not in release
llvm-toolchain-3.3 Not in release Not in release Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not affected
llvm-toolchain-3.6 Not in release Not in release Not in release Not affected
llvm-toolchain-3.7 Not in release Not in release Not affected Not affected
llvm-toolchain-3.8 Not in release Not in release Not in release Not affected
llvm-toolchain-3.9 Not in release Not in release Not affected Not affected
llvm-toolchain-4.0 Not in release Not in release Not affected Not affected
llvm-toolchain-5.0 Not in release Not in release Not affected Not affected
llvm-toolchain-6.0 Not in release Not affected Not affected Not affected
llvm-toolchain-7 Not in release Not affected Not affected Not in release
llvm-toolchain-8 Not in release Not affected Not affected Not affected
llvm-toolchain-9 Not in release Not affected Not affected Not in release
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release Not in release
Show all 18 packages Show less packages

CVE-2020-13844

Medium priority

Some fixes available 3 of 199

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka...

54 affected packages

gcc-10, gcc-3.3, gcc-4.4, gcc-4.6, gcc-4.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gcc-10 Not affected Not affected Fixed Not in release Not in release
gcc-3.3 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-4.4 Not in release Not in release Not in release Not in release Not in release
gcc-4.6 Not in release Not in release Not in release Not in release Not in release
gcc-4.7 Not in release Not in release Not in release Not in release Vulnerable
gcc-4.7-armel-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.7-armhf-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8 Not in release Not in release Not in release Vulnerable Vulnerable
gcc-4.8-arm64-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8-armhf-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8-powerpc-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.8-ppc64el-cross Not in release Not in release Not in release Not in release Vulnerable
gcc-4.9 Not in release Not in release Not in release Not in release Vulnerable
gcc-5 Not in release Not in release Not in release Not affected Not affected
gcc-5-cross Not in release Not in release Not in release Vulnerable Vulnerable
gcc-6 Not in release Not in release Not in release Vulnerable Not in release
gcc-6-cross Not in release Not in release Not in release Vulnerable Not in release
gcc-6-cross-ports Not in release Not in release Not in release Vulnerable Not in release
gcc-7 Not in release Not in release Vulnerable Vulnerable Not in release
gcc-7-cross Not in release Not in release Not in release Vulnerable Not in release
gcc-7-cross-ports Not in release Not in release Not in release Vulnerable Not in release
gcc-8 Not in release Not in release Vulnerable Vulnerable Not in release
gcc-8-cross Not in release Not in release Vulnerable Vulnerable Not in release
gcc-8-cross-ports Not in release Not in release Vulnerable Vulnerable Not in release
gcc-9 Not affected Not affected Fixed Not in release Not in release
gcc-9-cross Not affected Not affected Fixed Not in release Not in release
gcc-9-cross-ports Vulnerable Vulnerable Vulnerable Not in release Not in release
gcc-arm-linux-androideabi Not in release Not in release Not in release Not in release Vulnerable
gcc-arm-none-eabi Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-avr Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-defaults Not affected Not affected Not affected Not affected Not affected
gcc-defaults-arm64-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armel-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-armhf-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-powerpc-cross Not in release Not in release Not in release Not in release Not in release
gcc-defaults-ppc64el-cross Not in release Not in release Not in release Not in release Not in release
gcc-h8300-hms Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-i686-linux-android Not in release Not in release Not in release Not in release Vulnerable
gcc-m68hc1x Not in release Vulnerable Vulnerable Vulnerable Vulnerable
gcc-mingw-w64 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-msp430 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
gcc-opt Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gcc-snapshot Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
gccgo-4.9 Not in release Not in release Not in release Not in release Not in release
gccgo-6 Not in release Not in release Not in release Not in release Not affected
llvm-toolchain-3.3 Not in release Not in release Not in release Not in release Not in release
llvm-toolchain-3.4 Not in release Not in release Not in release Not in release Not in release
llvm-toolchain-3.5 Not in release Not in release Not in release Not in release Vulnerable
llvm-toolchain-3.6 Not in release Not in release Not in release Not in release Vulnerable
llvm-toolchain-3.7 Not in release Not in release Not in release Vulnerable Vulnerable
llvm-toolchain-3.8 Not in release Not in release Not in release Not in release Vulnerable
llvm-toolchain-3.9 Not in release Not in release Not in release Vulnerable Vulnerable
llvm-toolchain-4.0 Not in release Not in release Not in release Vulnerable Vulnerable
llvm-toolchain-snapshot Not in release Not in release Not in release Not in release Not in release
Show all 54 packages Show less packages