Debian Llvm-Toolchain-14 vulnerabilities

CVE-2024-7883 [LOW] CVE-2024-7883: llvm-toolchain-14 - When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can b... When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure

CVE-2024-31852 [MEDIUM] CVE-2024-31852: llvm-toolchain-14 - LLVM before 18.1.3 generates code in which the LR register can be overwritten wi... LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It d

CVE-2023-29932 [MEDIUM] CVE-2023-29932: llvm-toolchain-13 - llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via ... llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. Scope: local bookworm: open bullseye: open

CVE-2023-26924 [MEDIUM] CVE-2023-26924: llvm-toolchain-14 - LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE:... LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." Scope: local bookworm: open sid: open

CVE-2023-29934 [MEDIUM] CVE-2023-29934: llvm-toolchain-13 - llvm-project commit 6c01b5c was discovered to contain a segmentation fault via t... llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). Scope: local bookworm: open bullseye: open

CVE-2023-29935 [MEDIUM] CVE-2023-29935: llvm-toolchain-13 - llvm-project commit a0138390 was discovered to contain an assertion failure at !... llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. Scope: local bookworm: open bullseye: open

CVE-2023-29941 [MEDIUM] CVE-2023-29941: llvm-toolchain-13 - llvm-project commit a0138390 was discovered to contain a segmentation fault via ... llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp(mlir::sparse_tensor::SortOp. Scope: local bookworm: open bullseye: open

CVE-2023-29939 [MEDIUM] CVE-2023-29939: llvm-toolchain-13 - llvm-project commit a0138390 was discovered to contain a segmentation fault via ... llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). Scope: local bookworm: open bullseye: open

CVE-2023-29942 [MEDIUM] CVE-2023-29942: llvm-toolchain-13 - llvm-project commit a0138390 was discovered to contain a segmentation fault via ... llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. Scope: local bookworm: open bullseye: open

CVE-2023-29933 [MEDIUM] CVE-2023-29933: llvm-toolchain-13 - llvm-project commit bd456297 was discovered to contain a segmentation fault via ... llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. Scope: local bookworm: open bullseye: open