Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 719466 (CVE-2019-15847)

Summary: <sys-devel/gcc-{6.5.0,7.4.1,8.3.1,9.2.1,10.0}: Flawed code generation on POWER9 (CVE-2019-15847)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: toolchain
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa+ cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-26 00:38:28 UTC
CVE-2019-15847 (https://nvd.nist.gov/vuln/detail/CVE-2019-15847):
  The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could
  optimize multiple calls of the __builtin_darn intrinsic into a single call,
  thus reducing the entropy of the random number generator. This occurred
  because a volatile operation was not specified. For example, within a single
  execution of a program, the output of every __builtin_darn() call may be the
  same.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-26 00:39:42 UTC
@maintainer(s), can you let us know if this was patched already / which specific patchset it was in, if possible? Thanks!
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2020-04-26 08:48:27 UTC
That is https://gcc.gnu.org/PR91481 where stats are:

Known to work: 	10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1
Known to fail: 	7.1.0, 7.4.0, 8.3.0, 9.2.0
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-25 20:24:38 UTC
(In reply to Sergei Trofimovich from comment #2)
> That is https://gcc.gnu.org/PR91481 where stats are:
> 
> Known to work: 	10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1
> Known to fail: 	7.1.0, 7.4.0, 8.3.0, 9.2.0

Thank you!
Comment 4 Larry the Git Cow gentoo-dev 2024-09-24 05:12:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=446c45ab796e82c423a55f1070006f36e6acd939

commit 446c45ab796e82c423a55f1070006f36e6acd939
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-24 05:11:59 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-24 05:12:12 +0000

    [ GLSA 202409-22 ] GCC: Flawed Code Generation
    
    Bug: https://bugs.gentoo.org/719466
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-22.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)