Bug 2182266 (CVE-2023-26924)

Summary: CVE-2023-26924 llvm: mlir::outlineSingleBlockRegion crashes with segmentation fault
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bodavis, jchecahi, mnewsome, mprchlik, sipoyare, tstellar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in LLVM. This security flaw leads to a segmentation fault in mlir::outlineSingleBlockRegion.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-04-14 09:06:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2182267, 2182268, 2182269, 2182270, 2182271, 2182272, 2182273, 2182274    
Bug Blocks: 2182258    

Description Sandipan Roy 2023-03-28 04:43:49 UTC 
LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion.

https://gist.github.com/Colloportus0/fc16d10d74aedf89d5d1d020ebb89c0c
https://github.com/llvm/llvm-project/issues/60216
Comment 1 Sandipan Roy 2023-03-28 04:49:23 UTC 
Created llvm tracking bugs for this issue:

Affects: epel-7 [bug 2182269]
Affects: fedora-36 [bug 2182270]
Affects: fedora-37 [bug 2182272]


Created mingw-llvm tracking bugs for this issue:

Affects: fedora-36 [bug 2182271]
Affects: fedora-37 [bug 2182273]
Comment 3 Product Security DevOps Team 2023-04-14 09:06:19 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-26924