PT-2019-14433 · Gnu+4 · Gnu Compiler Collection+4

Jack Lloyd · Published 2019-09-02 · Updated 2024-06-15 · CVE-2019-15847

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GNU Compiler Collection (GCC) versions prior to 10

Description

The issue concerns the POWER9 backend in GNU Compiler Collection (GCC), where the optimizer could reduce the entropy of the random number generator by combining multiple calls of the __builtin_darn intrinsic into a single call. This happened because the operation was not marked as volatile. As a result, within a single program execution, every call to __builtin_darn() might produce the same output.

Recommendations

For versions prior to 10, update to version 10 or later to resolve the issue.

Fix

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1432
ALT-PU-2020-1663
ALT-PU-2020-1979
ALT-PU-2020-3355
ALT-PU-2021-1231
CESA-2020_1864
CVE-2019-15847
OPENSUSE-SU-2019:2364-1
OPENSUSE-SU-2019:2365-1
OPENSUSE-SU-2019_2364-1
OPENSUSE-SU-2019_2365-1
OPENSUSE-SU-2020:0716-1
OPENSUSE-SU-2020_0716-1
OPENSUSE-SU-2024:10703-1
RHSA-2020:0924
RHSA-2020:1864
RHSA-2020:2274
RHSA-2020_1864
SUSE-SU-2019:2702-1
SUSE-SU-2019:3061-1
SUSE-SU-2020:0394-1
SUSE-SU-2023:3662-1

Affected Products

ALT Linux
CentOS
GNU Compiler Collection
Red Hat
SUSE