CVE-2019-15847

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-15847
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15847.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-15847
Related
Published
2019-09-02T23:15:10Z
Modified
2024-10-12T04:47:24.592368Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the _builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every _builtindarn() call may be the same.

References

Affected packages

Alpine:v3.11 / gcc

Package

Name
gcc
Purl
pkg:apk/alpine/gcc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.3.0-r0

Affected versions

4.*

4.3.2-r0
4.3.2-r1
4.3.2-r2
4.3.2-r3
4.3.2-r4
4.3.3-r0
4.3.3-r1
4.3.3-r2
4.4.1-r1
4.4.1-r2
4.4.1-r3
4.4.1-r10
4.4.2-r0
4.4.3-r0
4.4.3-r1
4.4.3-r2
4.4.3-r3
4.4.4-r0
4.4.4-r1
4.4.4-r2
4.4.4-r3
4.4.4-r4
4.4.4-r5
4.5.1-r5
4.5.1-r6
4.5.1-r7
4.5.1-r8
4.5.1-r9
4.5.2-r2
4.5.2-r3
4.5.2-r4
4.5.2-r5
4.5.2-r6
4.5.2-r7
4.5.3-r0
4.6.0-r0
4.6.1-r3
4.6.2-r0
4.6.2-r1
4.6.2-r2
4.6.2-r3
4.6.2-r4
4.6.2-r5
4.6.3-r0
4.7.1-r0
4.7.2-r0
4.7.2-r1
4.7.2-r2
4.7.2-r3
4.7.2-r4
4.7.3-r0
4.7.3-r1
4.7.3-r2
4.7.3-r3
4.7.3-r4
4.7.3-r5
4.7.3-r6
4.7.3-r7
4.7.3-r8
4.8.1-r0
4.8.1-r1
4.8.1-r2
4.8.1-r4
4.8.1-r5
4.8.2-r0
4.8.2-r1
4.8.2-r2
4.8.2-r3
4.8.2-r4
4.8.2-r5
4.8.2-r6
4.8.2-r7
4.8.2-r8
4.8.2-r9
4.8.2-r10
4.8.3-r0
4.9.2-r0
4.9.2-r1
4.9.2-r2
4.9.2-r3
4.9.2-r4
4.9.2-r5
4.9.2-r6

5.*

5.1.0-r0
5.2.0-r0
5.3.0-r0

6.*

6.1.0-r0
6.1.0-r1
6.1.0-r2
6.1.0-r3
6.1.0-r4
6.1.1-r0
6.2.0-r0
6.2.1-r0
6.2.1-r1
6.3.0-r1
6.3.0-r2
6.3.0-r3
6.3.0-r4
6.4.0-r4
6.4.0-r5
6.4.0-r6
6.4.0-r7
6.4.0-r8

8.*

8.2.0-r0
8.2.0-r1
8.2.0-r2
8.3.0-r0
8.3.0-r1

9.*

9.2.0-r1
9.2.0-r2
9.2.0-r3
9.2.0-r4

Debian:11 / gcc-9

Package

Name
gcc-9
Purl
pkg:deb/debian/gcc-9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.1-7

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/gcc-mirror/gcc

Affected ranges

Type
GIT
Repo
https://github.com/gcc-mirror/gcc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

basepoints/gcc-0
basepoints/gcc-5
basepoints/gcc-6
basepoints/gcc-7
misc/cutover-cvs2svn
misc/cutover-egcs-0
misc/cutover-egcs-1

releases/gcc-7.*

releases/gcc-7.1.0
releases/gcc-7.2.0
releases/gcc-7.3.0
releases/gcc-7.4.0