Vulnetix
Try Vulnetix Request Demo
CVE-2019-15847 PUBLISHED

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

EPSS 0.76% · 73.2th percentile

Risk Scores

EPSS Score
0.76%
73.2th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSgcc-7-cross20ubuntu1, 18ubuntu2, 18ubuntu1
Ubuntu:16.04:LTSgcc-snapshot20160415-0ubuntu1, 0, 20151011-0ubuntu1
Ubuntu:22.04:LTSgcc-9-cross-ports0, 24ubuntu1, 24ubuntu1.1
Ubuntu:24.04:LTSgcc-snapshot0, 1:20231130-1ubuntu1, 1:20240117-1ubuntu1
Ubuntu:20.04:LTSgcc-100, 10-20200304-1ubuntu1, 10-20200307-0ubuntu1
Ubuntu:20.04:LTSgcc-snapshot0, 1:20191201-0ubuntu1, 1:20200124-1ubuntu1
Ubuntu:18.04:LTSgcc-6-cross29ubuntu1, 30ubuntu3.1, 30ubuntu3
Ubuntu:20.04:LTSgcc-8-cross-ports0, 24ubuntu2, 26ubuntu1
Ubuntu:18.04:LTSgcc-77.3.0-14ubuntu1, 0, 7.2.0-8ubuntu3
Ubuntu:22.04:LTSgcc-snapshot1:20210827-1ubuntu1, 0, 1:20220117-1ubuntu1
Ubuntu:18.04:LTSgcc-7-cross-ports16ubuntu3, 17ubuntu0.2, 17ubuntu0.1
Ubuntu:24.04:LTSgcc-9-cross-ports0, 27ubuntu1, 27ubuntu2
Ubuntu:20.04:LTSgcc-8-cross33ubuntu1, 33ubuntu2, 0
Ubuntu:18.04:LTSgcc-snapshot20171017-1ubuntu1, 0, 20171109-1ubuntu1
Ubuntu:18.04:LTSgcc-8-cross18ubuntu0.6, 18ubuntu0.4, 9ubuntu2
Ubuntu:18.04:LTSgcc-88-20180331-1ubuntu1, 8-20180402-1ubuntu1, 8-20180406-0ubuntu1
Ubuntu:18.04:LTSgcc-6-cross-ports23ubuntu1, 0, 24ubuntu1
Ubuntu:18.04:LTSgcc-66.5.0-2ubuntu1~18.04, 6.4.0-17ubuntu1, 6.4.0-16ubuntu1
Ubuntu:20.04:LTSgcc-9-cross-ports14ubuntu1, 15ubuntu1, 15ubuntu2
Ubuntu:18.04:LTSgcc-8-cross-ports6ubuntu2, 9ubuntu0.4, 9ubuntu0.3

…and 1 more

Timeline

References

Open in Interactive Console →