Bug 2225615 (CVE-2023-29932) - CVE-2023-29932 llvm: canonicalize pass crashed with segmentation fault
Summary: CVE-2023-29932 llvm: canonicalize pass crashed with segmentation fault
Status: NEW
Alias: CVE-2023-29932
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
Depends On: 2225616 2225617 2225618
Blocks: 2193481
TreeView+ depends on / blocked
Reported: 2023-07-25 15:07 UTC by Marian Rehak
Modified: 2023-10-04 17:53 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the llvm package. A segmentation fault via the mlir::IROperand<mlir::OpOperand component may lead to a crash.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Marian Rehak 2023-07-25 15:07:23 UTC
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.



Comment 1 Marian Rehak 2023-07-25 15:07:40 UTC
Created llvm tracking bugs for this issue:

Affects: fedora-all [bug 2225616]

Comment 3 Siddhesh Poyarekar 2023-07-25 15:41:01 UTC
What's the security rationale for this?  If the upstream LLVM security group has agreed on the security impact then this document should be updated to refect that:


because at the moment it states that there are no security-sensitive parts in LLVM.  I couldn't track an upstream discussion about this either.  Likewise for CVE-2023-29933, CVE-2023-29934, CVE-2023-29935, CVE-2023-29941 and CVE-2023-29942.

Note You need to log in before you can comment on or make changes to this bug.