Debian Llvm-Toolchain-18 vulnerabilities

CVE-2024-7883 [LOW] CVE-2024-7883: llvm-toolchain-14 - When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can b... When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure

CVE-2024-31852 [MEDIUM] CVE-2024-31852: llvm-toolchain-14 - LLVM before 18.1.3 generates code in which the LR register can be overwritten wi... LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It d