Search CVE reports
1 – 5 of 5 results
CVE-2024-45056
Medium priorityzksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number...
21 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-11 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-12 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-13 | Not in release | Not affected | Not in release | — | — |
llvm-toolchain-14 | Not affected | Not affected | Not in release | — | — |
llvm-toolchain-15 | Not affected | Not affected | Not in release | — | — |
llvm-toolchain-16 | Not affected | Not in release | Not in release | — | — |
llvm-toolchain-17 | Not affected | Not in release | Not in release | — | — |
llvm-toolchain-18 | Not affected | Not in release | Not in release | — | — |
llvm-toolchain-19 | Not in release | Not in release | Not in release | — | — |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-6.0 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-7 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | — |
CVE-2024-31852
Low priorityLLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can...
15 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm-toolchain-10 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
llvm-toolchain-11 | Not in release | Needs evaluation | Needs evaluation | — | — |
llvm-toolchain-12 | Not in release | Needs evaluation | Needs evaluation | — | — |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-6.0 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
llvm-toolchain-7 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
llvm-toolchain-8 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
llvm-toolchain-9 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
llvm-toolchain-snapshot | Not in release | Not in release | Not in release | — | — |
CVE-2023-46049
Medium priority** DISPUTED ** LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between...
14 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-11 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-12 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-6.0 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-7 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | — |
CVE-2023-26924
Negligible priority** DISPUTED ** LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can...
18 affected packages
llvm, llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm | — | Not in release | Not in release | Not in release | Ignored |
llvm-toolchain-10 | — | Not in release | Not affected | Not affected | Not in release |
llvm-toolchain-11 | — | Not affected | Not affected | Not in release | Not in release |
llvm-toolchain-12 | — | Not affected | Not affected | Not in release | Not in release |
llvm-toolchain-3.3 | — | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.4 | — | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.5 | — | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.6 | — | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.7 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-3.8 | — | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.9 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-4.0 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-5.0 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-6.0 | — | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-7 | — | Not in release | Not affected | Not affected | Not in release |
llvm-toolchain-8 | — | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-9 | — | Not in release | Not affected | Not affected | Not in release |
llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-13844
Medium prioritySome fixes available 3 of 193
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka...
54 affected packages
gcc-10, gcc-3.3, gcc-4.4, gcc-4.6, gcc-4.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gcc-10 | Not affected | Not affected | Fixed | Not in release | Not in release |
gcc-3.3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-4.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
gcc-4.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
gcc-4.7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-4.7-armel-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-4.7-armhf-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-4.8 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
gcc-4.8-arm64-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-4.8-armhf-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-4.8-powerpc-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-4.8-ppc64el-cross | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-4.9 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-5 | Not in release | Not in release | Not in release | Not affected | Not affected |
gcc-5-cross | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
gcc-6 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
gcc-6-cross | Not in release | Not in release | Not in release | Vulnerable | Not in release |
gcc-6-cross-ports | Not in release | Not in release | Not in release | Vulnerable | Not in release |
gcc-7 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
gcc-7-cross | Not in release | Not in release | Not in release | Vulnerable | Not in release |
gcc-7-cross-ports | Not in release | Not in release | Not in release | Vulnerable | Not in release |
gcc-8 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
gcc-8-cross | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
gcc-8-cross-ports | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
gcc-9 | Not affected | Not affected | Fixed | Not in release | Not in release |
gcc-9-cross | Not affected | Not affected | Fixed | Not in release | Not in release |
gcc-9-cross-ports | Vulnerable | Vulnerable | Vulnerable | Not in release | Not in release |
gcc-arm-linux-androideabi | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-arm-none-eabi | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-avr | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-defaults | Not affected | Not affected | Not affected | Not affected | Not affected |
gcc-defaults-arm64-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
gcc-defaults-armel-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
gcc-defaults-armhf-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
gcc-defaults-powerpc-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
gcc-defaults-ppc64el-cross | Not in release | Not in release | Not in release | Not in release | Not in release |
gcc-h8300-hms | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-i686-linux-android | Not in release | Not in release | Not in release | Not in release | Vulnerable |
gcc-m68hc1x | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-mingw-w64 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-msp430 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-opt | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gcc-snapshot | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
gccgo-4.9 | Not in release | Not in release | Not in release | Not in release | Not in release |
gccgo-6 | Not in release | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
llvm-toolchain-3.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |