vulnerability

CentOS Linux: CVE-2019-15847: Moderate: gcc security and bug fix update (CESA-2020:1864)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 2, 2019
Added
Apr 29, 2020
Modified
May 25, 2023

Description

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Solution(s)

centos-upgrade-cppcentos-upgrade-cpp-debuginfocentos-upgrade-gcccentos-upgrade-gcc-ccentos-upgrade-gcc-c-debuginfocentos-upgrade-gcc-debuginfocentos-upgrade-gcc-debugsourcecentos-upgrade-gcc-gdb-plugincentos-upgrade-gcc-gdb-plugin-debuginfocentos-upgrade-gcc-gfortrancentos-upgrade-gcc-gfortran-debuginfocentos-upgrade-gcc-offload-nvptxcentos-upgrade-gcc-offload-nvptx-debuginfocentos-upgrade-gcc-plugin-devel-debuginfocentos-upgrade-libasancentos-upgrade-libasan-debuginfocentos-upgrade-libatomiccentos-upgrade-libatomic-debuginfocentos-upgrade-libatomic-staticcentos-upgrade-libgcccentos-upgrade-libgcc-debuginfocentos-upgrade-libgfortrancentos-upgrade-libgfortran-debuginfocentos-upgrade-libgompcentos-upgrade-libgomp-debuginfocentos-upgrade-libgomp-offload-nvptxcentos-upgrade-libgomp-offload-nvptx-debuginfocentos-upgrade-libitmcentos-upgrade-libitm-debuginfocentos-upgrade-libitm-develcentos-upgrade-liblsancentos-upgrade-liblsan-debuginfocentos-upgrade-libquadmathcentos-upgrade-libquadmath-debuginfocentos-upgrade-libquadmath-develcentos-upgrade-libstdccentos-upgrade-libstdc-debuginfocentos-upgrade-libstdc-develcentos-upgrade-libstdc-docscentos-upgrade-libtsancentos-upgrade-libtsan-debuginfocentos-upgrade-libubsancentos-upgrade-libubsan-debuginfo

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today