Vulnerability CVE-2019-15847: Information
Description
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| arm-none-eabi-gcc | sisyphus | 10.2.0-alt1 | 13.2.1-alt1 | ALT-PU-2021-1231-1 | 265892 | Fixed |
| arm-none-eabi-gcc | p10 | 10.2.0-alt1 | 10.2.0-alt5 | ALT-PU-2021-1231-1 | 265892 | Fixed |
| arm-none-eabi-gcc | c10f1 | 10.2.0-alt1 | 10.2.0-alt5 | ALT-PU-2021-1231-1 | 265892 | Fixed |
| avr-gcc | sisyphus | 10.2.0-alt1_1 | 13.2.0-alt1_1 | ALT-PU-2020-3355-1 | 262076 | Fixed |
| avr-gcc | p10 | 10.2.0-alt1_1 | 10.2.0-alt1_1 | ALT-PU-2020-3355-1 | 262076 | Fixed |
| avr-gcc | c10f1 | 10.2.0-alt1_1 | 10.2.0-alt1_1 | ALT-PU-2020-3355-1 | 262076 | Fixed |
| gcc8 | p10 | 8.4.1-alt1 | 8.4.1-alt1 | ALT-PU-2020-1432-1 | 247375 | Fixed |
| gcc8 | p9 | 8.4.1-alt0.p9.1 | 8.4.1-alt0.p9.1 | ALT-PU-2020-1663-1 | 247559 | Fixed |
| gcc8 | c10f1 | 8.4.1-alt1 | 8.4.1-alt1 | ALT-PU-2020-1432-1 | 247375 | Fixed |
| gcc8 | c9f2 | 8.4.1-alt0.p9.1 | 8.4.1-alt0.p9.1 | ALT-PU-2020-1663-1 | 247559 | Fixed |
| gcc9 | p10 | 9.3.1-alt1 | 9.3.1-alt3 | ALT-PU-2020-1979-1 | 251917 | Fixed |
| gcc9 | c10f1 | 9.3.1-alt1 | 9.3.1-alt3 | ALT-PU-2020-1979-1 | 251917 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481 |
|
| openSUSE-SU-2019:2364 |
|
| openSUSE-SU-2019:2365 |
|
| openSUSE-SU-2020:0716 |
|