{"id":"USN-6258-1","summary":"llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities","details":"It was discovered that LLVM Toolchain did not properly manage memory under\ncertain circumstances. If a user were tricked into opening a specially\ncrafted MLIR file, an attacker could possibly use this issue to cause LLVM\nToolchain to crash, resulting in a denial of service. (CVE-2023-29932,\nCVE-2023-29934, CVE-2023-29939)\n\nIt was discovered that LLVM Toolchain did not properly manage memory under \ncertain circumstances. If a user were tricked into opening a specially     \ncrafted MLIR file, an attacker could possibly use this issue to cause LLVM \nToolchain to crash, resulting in a denial of service. This issue only\naffected llvm-toolchain-15. (CVE-2023-29933)\n","modified":"2026-02-10T04:43:14Z","published":"2023-07-27T07:48:23Z","related":["UBUNTU-CVE-2023-29932","UBUNTU-CVE-2023-29933","UBUNTU-CVE-2023-29934","UBUNTU-CVE-2023-29939"],"upstream":["CVE-2023-29932","CVE-2023-29933","CVE-2023-29934","CVE-2023-29939","UBUNTU-CVE-2023-29932","UBUNTU-CVE-2023-29933","UBUNTU-CVE-2023-29934","UBUNTU-CVE-2023-29939"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6258-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29932"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29933"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29934"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29939"}],"affected":[{"package":{"name":"llvm-toolchain-13","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/llvm-toolchain-13@1:13.0.1-2ubuntu2.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:13.0.1-2ubuntu2.2"}]}],"versions":["1:13.0.0-2","1:13.0.0-9","1:13.0.1-2ubuntu1","1:13.0.1-2ubuntu2","1:13.0.1-2ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_name":"clang-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"clang-13-examples","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"clang-format-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"clang-tidy-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"clang-tools-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"clangd-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libc++-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libc++1-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libc++abi-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libc++abi1-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libclang-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libclang-common-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libclang-cpp13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libclang-cpp13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libclang1-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libclc-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libclc-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libfuzzer-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"liblld-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"liblld-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"liblldb-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"liblldb-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libllvm-13-ocaml-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libllvm13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libmlir-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libmlir-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libomp-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libomp5-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libunwind-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"libunwind-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"lld-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"lldb-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"llvm-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"llvm-13-dev","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"llvm-13-examples","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"llvm-13-linker-tools","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"llvm-13-runtime","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"llvm-13-tools","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"mlir-13-tools","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"python3-clang-13","binary_version":"1:13.0.1-2ubuntu2.2"},{"binary_name":"python3-lldb-13","binary_version":"1:13.0.1-2ubuntu2.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6258-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29932"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29933"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29934"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29939"}]}}},{"package":{"name":"llvm-toolchain-14","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/llvm-toolchain-14@1:14.0.0-1ubuntu1.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:14.0.0-1ubuntu1.1"}]}],"versions":["1:14.0.0~+rc1-1","1:14.0.0~+rc1-1ubuntu4","1:14.0.0~+rc4-1ubuntu1","1:14.0.0-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"clang-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"clang-14-examples","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"clang-format-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"clang-tidy-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"clang-tools-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"clangd-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libc++-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libc++1-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libc++abi-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libc++abi1-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libclang-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libclang-common-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libclang-cpp14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libclang-cpp14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libclang1-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libclc-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libclc-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libfuzzer-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"liblld-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"liblld-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"liblldb-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"liblldb-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libllvm-14-ocaml-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libllvm14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libmlir-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libmlir-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libomp-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libomp5-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libunwind-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"libunwind-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"lld-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"lldb-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"llvm-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"llvm-14-dev","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"llvm-14-examples","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"llvm-14-linker-tools","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"llvm-14-runtime","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"llvm-14-tools","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"mlir-14-tools","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"python3-clang-14","binary_version":"1:14.0.0-1ubuntu1.1"},{"binary_name":"python3-lldb-14","binary_version":"1:14.0.0-1ubuntu1.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6258-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29932"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29933"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29934"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29939"}]}}},{"package":{"name":"llvm-toolchain-15","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/llvm-toolchain-15@1:15.0.7-0ubuntu0.22.04.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:15.0.7-0ubuntu0.22.04.3"}]}],"versions":["1:15.0.6-3~ubuntu0.22.04.2","1:15.0.7-0ubuntu0.22.04.1","1:15.0.7-0ubuntu0.22.04.2"],"ecosystem_specific":{"binaries":[{"binary_name":"bolt-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"clang-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"clang-15-examples","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"clang-format-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"clang-tidy-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"clang-tools-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"clangd-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libbolt-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libc++-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libc++1-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libc++abi-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libc++abi1-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libclang-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libclang-common-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libclang-cpp15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libclang-cpp15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libclang1-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libclc-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libclc-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libfuzzer-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"liblld-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"liblld-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"liblldb-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"liblldb-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libllvm-15-ocaml-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libllvm15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libmlir-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libmlir-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libomp-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libomp5-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libunwind-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"libunwind-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"lld-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"lldb-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"llvm-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"llvm-15-dev","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"llvm-15-examples","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"llvm-15-linker-tools","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"llvm-15-runtime","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"llvm-15-tools","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"mlir-15-tools","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"python3-clang-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"},{"binary_name":"python3-lldb-15","binary_version":"1:15.0.7-0ubuntu0.22.04.3"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6258-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29932"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29933"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29934"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29939"}]}}}],"schema_version":"1.7.3"}