{"id":"USN-6258-1","summary":"llvm-toolchain-13, llvm-toolchain-14, llvm-toolchain-15 vulnerabilities","details":"It was discovered that LLVM Toolchain did not properly manage memory under\ncertain circumstances. If a user were tricked into opening a specially\ncrafted MLIR file, an attacker could possibly use this issue to cause LLVM\nToolchain to crash, resulting in a denial of service. (CVE-2023-29932,\nCVE-2023-29934, CVE-2023-29939)\n\nIt was discovered that LLVM Toolchain did not properly manage memory under \ncertain circumstances. If a user were tricked into opening a specially     \ncrafted MLIR file, an attacker could possibly use this issue to cause LLVM \nToolchain to crash, resulting in a denial of service. This issue only\naffected llvm-toolchain-15. (CVE-2023-29933)\n","modified":"2026-04-22T11:02:52.184554Z","published":"2023-07-27T07:48:23Z","related":["UBUNTU-CVE-2023-29932","UBUNTU-CVE-2023-29933","UBUNTU-CVE-2023-29934","UBUNTU-CVE-2023-29939"],"upstream":["CVE-2023-29932","CVE-2023-29933","CVE-2023-29934","CVE-2023-29939","UBUNTU-CVE-2023-29932","UBUNTU-CVE-2023-29933","UBUNTU-CVE-2023-29934","UBUNTU-CVE-2023-29939"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6258-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29932"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29933"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29934"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29939"}],"affected":[{"package":{"name":"llvm-toolchain-13","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/llvm-toolchain-13@1:13.0.1-2ubuntu2.2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:13.0.1-2ubuntu2.2"}]}],"versions":["1:13.0.0-2","1:13.0.0-9","1:13.0.1-2ubuntu1","1:13.0.1-2ubuntu2","1:13.0.1-2ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"clang-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"clang-13-examples"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"clang-format-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"clang-tidy-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"clang-tools-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"clangd-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libc++1-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libc++abi1-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libclang-cpp13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libclang1-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libclc-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"liblld-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"liblldb-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libllvm13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libmlir-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libomp5-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"libunwind-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"lld-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"lldb-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"llvm-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"llvm-13-examples"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"llvm-13-linker-tools"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"llvm-13-runtime"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"llvm-13-tools"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"mlir-13-tools"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"python3-clang-13"},{"binary_version":"1:13.0.1-2ubuntu2.2","binary_name":"python3-lldb-13"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29932"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29933"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29934"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29939"}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6258-1.json"}},{"package":{"name":"llvm-toolchain-14","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/llvm-toolchain-14@1:14.0.0-1ubuntu1.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:14.0.0-1ubuntu1.1"}]}],"versions":["1:14.0.0~+rc1-1","1:14.0.0~+rc1-1ubuntu4","1:14.0.0~+rc4-1ubuntu1","1:14.0.0-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"clang-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"clang-14-examples"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"clang-format-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"clang-tidy-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"clang-tools-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"clangd-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libc++1-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libc++abi1-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libclang-cpp14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libclang1-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libclc-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"liblld-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"liblldb-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libllvm14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libmlir-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libomp5-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"libunwind-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"lld-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"lldb-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"llvm-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"llvm-14-examples"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"llvm-14-linker-tools"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"llvm-14-runtime"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"llvm-14-tools"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"mlir-14-tools"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"python3-clang-14"},{"binary_version":"1:14.0.0-1ubuntu1.1","binary_name":"python3-lldb-14"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29932"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29933"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29934"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29939"}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6258-1.json"}},{"package":{"name":"llvm-toolchain-15","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/llvm-toolchain-15@1:15.0.7-0ubuntu0.22.04.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:15.0.7-0ubuntu0.22.04.3"}]}],"versions":["1:15.0.6-3~ubuntu0.22.04.2","1:15.0.7-0ubuntu0.22.04.1","1:15.0.7-0ubuntu0.22.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"bolt-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"clang-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"clang-15-examples"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"clang-format-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"clang-tidy-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"clang-tools-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"clangd-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libc++1-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libc++abi1-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libclang-cpp15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libclang1-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libclc-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"liblld-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"liblldb-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libllvm15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libmlir-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libomp5-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"libunwind-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"lld-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"lldb-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"llvm-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"llvm-15-examples"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"llvm-15-linker-tools"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"llvm-15-runtime"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"llvm-15-tools"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"mlir-15-tools"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"python3-clang-15"},{"binary_version":"1:15.0.7-0ubuntu0.22.04.3","binary_name":"python3-lldb-15"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29932"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29933"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29934"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-29939"}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6258-1.json"}}],"schema_version":"1.7.5"}