vulnerability
Ubuntu: (CVE-2019-15847): gcc-7 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Sep 2, 2019 | Nov 19, 2024 | Mar 27, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 2, 2019
Added
Nov 19, 2024
Modified
Mar 27, 2026
Description
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Solutions
ubuntu-upgrade-gcc-10ubuntu-upgrade-gcc-7ubuntu-upgrade-gcc-8
References
- CVE-2019-15847
- https://attackerkb.com/topics/CVE-2019-15847
- CWE-331
- EUVD-EUVD-2019-6763
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-6763
- https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=457dac402027dd7e14543fbd59a75858422cf6c6
- https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e99bfdd2a8db732ea84cf0a6486707e5e821ad7e
- https://www.cve.org/CVERecord?id=CVE-2019-15847
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.