CVE-2019-15847

Published: 9/2/2019 Last updated: 8/5/2024 Reserved: 9/2/2019

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (20)

conf-aarch64-linux-gnu-gcc conf-blas conf-c++ conf-g++ conf-gcc conf-gfortran conf-lapack conf-libgccjit conf-mingw-w64-gcc-i686 conf-mingw-w64-gcc-x86_64 conf-mingw-w64-g++-i686 conf-mingw-w64-g++-x86_64 conf-x86_64-linux-gnu-gcc farmhash irrlicht lbfgs libbinaryen re2 solo5-cross-aarch64 taglib

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 53

References (8)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html