CVE-2019-15847
PUBLISHED
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Risk Scores
EPSS Score: 0.54% (67.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | gcc-7-cross | 17ubuntu1, 0, 8ubuntu2 |
| Ubuntu:16.04:LTS | gcc-snapshot | 20160105-1ubuntu1, 20151030-1ubuntu2, 20151215-0ubuntu1 |
| Ubuntu:22.04:LTS | gcc-9-cross-ports | 0, 24ubuntu1, 24ubuntu1.1 |
| Ubuntu:24.04:LTS | gcc-snapshot | 1:20231130-1ubuntu1, 0, * |
| Ubuntu:20.04:LTS | gcc-10 | *, *, * |
| Ubuntu:20.04:LTS | gcc-snapshot | 1:20191201-0ubuntu1, 1:20191008-1ubuntu1, 0 |
| Ubuntu:18.04:LTS | gcc-6-cross | 30ubuntu2, 29ubuntu1, 28ubuntu1 |
| Ubuntu:20.04:LTS | gcc-8-cross-ports | 27ubuntu1, 0, 24ubuntu2 |
| Ubuntu:18.04:LTS | gcc-7 | 7.2.0-18ubuntu2, 7.3.0-3ubuntu1, 7.3.0-11ubuntu1 |
| Ubuntu:22.04:LTS | gcc-snapshot | 0, 1:20210827-1ubuntu1, * |
| Ubuntu:18.04:LTS | gcc-7-cross-ports | 6ubuntu1, *, * |
| Ubuntu:24.04:LTS | gcc-9-cross-ports | *, 0, 26ubuntu1 |
| Ubuntu:20.04:LTS | gcc-8-cross | 33ubuntu1, 33ubuntu2, 0 |
| Ubuntu:18.04:LTS | gcc-snapshot | 20180107-1ubuntu1, 1:20180322-1ubuntu1, 1:20180425-1ubuntu1 |
| Ubuntu:18.04:LTS | gcc-8-cross | 5ubuntu2, *, 0 |
| Ubuntu:18.04:LTS | gcc-8 | *, *, 0 |
| Ubuntu:18.04:LTS | gcc-6-cross-ports | 28ubuntu2, *, * |
| Ubuntu:18.04:LTS | gcc-6 | 6.4.0-11ubuntu1, 6.4.0-16ubuntu1, 6.5.0-2ubuntu1~18.04 |
| Ubuntu:20.04:LTS | gcc-9-cross-ports | 17ubuntu1, 18ubuntu3, * |
| Ubuntu:18.04:LTS | gcc-8-cross-ports | 6ubuntu3, 4ubuntu1, 3ubuntu1 |
…and 1 more
Exploit Intelligence
- CVE-2025-38062.yara (github-yara)
Timeline
- Sep 2, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-15847 third-party-advisory
- https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e99bfdd2a8db732ea84cf0a6486707e5e821ad7e third-party-advisory
- https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=457dac402027dd7e14543fbd59a75858422cf6c6 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-15847 third-party-advisory