Search CVE reports
1 – 5 of 5 results
CVE-2024-45056
Medium priorityzksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number...
21 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-13, llvm-toolchain-14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-11 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-12 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-13 | Not in release | Not affected | Not in release | — | — |
llvm-toolchain-14 | Not affected | Not affected | Not in release | — | — |
llvm-toolchain-15 | Not affected | Not affected | Not in release | — | — |
llvm-toolchain-16 | Not affected | Not in release | Not in release | — | — |
llvm-toolchain-17 | Not affected | Not in release | Not in release | — | — |
llvm-toolchain-18 | Not affected | Not in release | Not in release | — | — |
llvm-toolchain-19 | Not in release | Not in release | Not in release | — | — |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-6.0 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-7 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | — |
CVE-2024-31852
Low priorityLLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can...
15 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm-toolchain-10 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
llvm-toolchain-11 | Not in release | Needs evaluation | Needs evaluation | — | — |
llvm-toolchain-12 | Not in release | Needs evaluation | Needs evaluation | — | — |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Needs evaluation |
llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
llvm-toolchain-6.0 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
llvm-toolchain-7 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
llvm-toolchain-8 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
llvm-toolchain-9 | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
llvm-toolchain-snapshot | Not in release | Not in release | Not in release | — | — |
CVE-2023-46049
Medium priority** DISPUTED ** LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between...
14 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.5, llvm-toolchain-3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-11 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-12 | Not in release | Not affected | Not affected | — | — |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.7 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-3.8 | Not in release | Not in release | Not in release | — | Not affected |
llvm-toolchain-3.9 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-4.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-5.0 | Not in release | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-6.0 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-7 | Not in release | Not in release | Not affected | Not affected | — |
llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | — |
CVE-2023-26924
Negligible priority** DISPUTED ** LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can...
18 affected packages
llvm, llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-12, llvm-toolchain-3.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm | — | Not in release | Not in release | Not in release | Ignored |
llvm-toolchain-10 | — | Not in release | Not affected | Not affected | Not in release |
llvm-toolchain-11 | — | Not affected | Not affected | Not in release | Not in release |
llvm-toolchain-12 | — | Not affected | Not affected | Not in release | Not in release |
llvm-toolchain-3.3 | — | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.4 | — | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.5 | — | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.6 | — | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.7 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-3.8 | — | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.9 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-4.0 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-5.0 | — | Not in release | Not in release | Not affected | Not affected |
llvm-toolchain-6.0 | — | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-7 | — | Not in release | Not affected | Not affected | Not in release |
llvm-toolchain-8 | — | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-9 | — | Not in release | Not affected | Not affected | Not in release |
llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2020-0306
Low priorityIn LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
4 affected packages
llvm-toolchain-10, llvm-toolchain-11, llvm-toolchain-8, llvm-toolchain-9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
llvm-toolchain-10 | Not in release | Not in release | Not affected | Not affected | Not in release |
llvm-toolchain-11 | Not in release | Not affected | Not affected | Not in release | Not in release |
llvm-toolchain-8 | Not in release | Not in release | Not affected | Not affected | Not affected |
llvm-toolchain-9 | Not in release | Not in release | Not affected | Not affected | Not in release |