← Back

CVE-2019-15847

nvd nist
Published: Sep 2, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Affected (6)

Products: Gnu: Gcc · Opensuse: Leap
Gnu
1 product
Gcc
Opensuse
1 product
Leap
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Gnu
Gcc
Before 7.5.0
Gcc
From 10.0 to 10.1.0
Gcc
From 8.0 to 8.4.0
Gcc
From 9.0 to 9.3.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Leap
Version 15.0
Leap
Version 15.1

Related CWEs

CWE-331
Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References (8)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.