Red Hat: CVE-2019-15847: CVE-2019-15847 gcc: POWER9 "DARN" RNG intrinsic produces repeated output (Multiple Advisories)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 2019-09-02
Added: 2020-04-29
Modified: 2023-12-15

Description

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
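
An added example (not code from the advisory or from GCC): a batch self-test that rejects random words showing the repeated-output symptom described above. The names darn_fill and rng_check_batch and the stand-in generator used on non-POWER9 hosts are assumptions made for illustration; the all-ones value is the result DARN returns when no random number is available.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DARN_ERROR UINT64_MAX /* DARN yields all ones when it cannot deliver a value */

enum rng_status { RNG_OK = 0, RNG_REPEATED = 1, RNG_UNAVAILABLE = 2 };

#if defined(__powerpc64__) && defined(_ARCH_PWR9)
/* Hardware path: every expansion is a separate __builtin_darn() call in the caller. */
#define DRAW() ((uint64_t)__builtin_darn())
#else
/* Constructed stand-in so the example runs on other hosts: a plain counter step. */
static uint64_t sim_state;
static uint64_t sim_draw(void) { return sim_state += 0x9E3779B97F4A7C15ULL; }
#define DRAW() sim_draw()
#endif

/* Fill a buffer one draw per word, all inside one function. This is the shape
 * that an affected compiler could collapse into a single draw. */
void darn_fill(uint64_t *out, size_t n) {
    for (size_t i = 0; i < n; i++)
        out[i] = DRAW();
}

/* Reject a batch that contains the error value or any two equal words. */
enum rng_status rng_check_batch(const uint64_t *v, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (v[i] == DARN_ERROR)
            return RNG_UNAVAILABLE;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (v[i] == v[j])
                return RNG_REPEATED;
    return RNG_OK;
}

int main(void) {
    uint64_t words[8];
    darn_fill(words, 8);
    enum rng_status s = rng_check_batch(words, 8);
    printf("batch status: %d\n", (int)s);
    return s == RNG_OK ? 0 : 1; /* non-zero exit: do not use these words */
}
```
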

Solution(s)

- redhat-upgrade-cpp
- redhat-upgrade-cpp-debuginfo
- redhat-upgrade-gcc
- redhat-upgrade-gcc-c
- redhat-upgrade-gcc-c-debuginfo
- redhat-upgrade-gcc-debuginfo
- redhat-upgrade-gcc-debugsource
- redhat-upgrade-gcc-gdb-plugin
- redhat-upgrade-gcc-gdb-plugin-debuginfo
- redhat-upgrade-gcc-gfortran
- redhat-upgrade-gcc-gfortran-debuginfo
- redhat-upgrade-gcc-offload-nvptx
- redhat-upgrade-gcc-offload-nvptx-debuginfo
- redhat-upgrade-gcc-plugin-devel
- redhat-upgrade-gcc-plugin-devel-debuginfo
- redhat-upgrade-libasan
- redhat-upgrade-libasan-debuginfo
- redhat-upgrade-libatomic
- redhat-upgrade-libatomic-debuginfo
- redhat-upgrade-libatomic-static
- redhat-upgrade-libgcc
- redhat-upgrade-libgcc-debuginfo
- redhat-upgrade-libgfortran
- redhat-upgrade-libgfortran-debuginfo
- redhat-upgrade-libgomp
- redhat-upgrade-libgomp-debuginfo
- redhat-upgrade-libgomp-offload-nvptx
- redhat-upgrade-libgomp-offload-nvptx-debuginfo
- redhat-upgrade-libitm
- redhat-upgrade-libitm-debuginfo
- redhat-upgrade-libitm-devel
- redhat-upgrade-liblsan
- redhat-upgrade-liblsan-debuginfo
- redhat-upgrade-libquadmath
- redhat-upgrade-libquadmath-debuginfo
- redhat-upgrade-libquadmath-devel
- redhat-upgrade-libstdc
- redhat-upgrade-libstdc-debuginfo
- redhat-upgrade-libstdc-devel
- redhat-upgrade-libstdc-docs
- redhat-upgrade-libstdc-static
- redhat-upgrade-libtsan
- redhat-upgrade-libtsan-debuginfo
- redhat-upgrade-libubsan
- redhat-upgrade-libubsan-debuginfo