CVE-2019-15847 (https://nvd.nist.gov/vuln/detail/CVE-2019-15847): The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
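As an added example (not code from the CVE text, GCC or Gentoo), a C check for the symptom described above: several __builtin_darn() results drawn inside one function that all come back equal. The helper name darn_check, the verdict enum and the sample values used on non-POWER9 builds are assumptions made for illustration; the all-ones error value comes from the Power ISA, not from this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Power ISA 3.0: darn returns all ones when no random number is available. */
#define DARN_ERROR 0xFFFFFFFFFFFFFFFFULL

enum darn_verdict { DARN_OK = 0, DARN_HW_ERROR = 1, DARN_ALL_IDENTICAL = 2 };

/* Hypothetical helper: inspect n samples that the caller obtained from
   separate __builtin_darn() calls within a single function. */
enum darn_verdict darn_check(const unsigned long long *s, size_t n)
{
    size_t i, same = 1;
    for (i = 0; i < n; i++)
        if (s[i] == DARN_ERROR)
            return DARN_HW_ERROR;
    for (i = 1; i < n; i++)
        if (s[i] == s[0])
            same++;
    /* Two or more 64-bit draws that all match is the symptom the CVE
       describes; a chance collision is about 2^-64 per pair. */
    return (n >= 2 && same == n) ? DARN_ALL_IDENTICAL : DARN_OK;
}

int main(void)
{
#if defined(__GNUC__) && defined(__powerpc64__) && defined(_ARCH_PWR9)
    /* Four separate calls in one function: the pattern an affected
       backend could merge into a single darn instruction. */
    unsigned long long s[4];
    s[0] = (unsigned long long)__builtin_darn();
    s[1] = (unsigned long long)__builtin_darn();
    s[2] = (unsigned long long)__builtin_darn();
    s[3] = (unsigned long long)__builtin_darn();
#else
    /* Constructed samples so the check also runs off POWER9. */
    unsigned long long s[4] = { 0x1234ULL, 0x1234ULL, 0x1234ULL, 0x1234ULL };
#endif
    printf("verdict: %d\n", (int)darn_check(s, 4));
    return 0;
}
```

Build it with the compiler and optimization level used for the real code (for example -mcpu=power9 -O2), since the merging happens at compile time.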
@maintainer(s), can you let us know if this was patched already / which specific patchset it was in, if possible? Thanks!
That is https://gcc.gnu.org/PR91481 where stats are:

Known to work: 10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1
Known to fail: 7.1.0, 7.4.0, 8.3.0, 9.2.0
(In reply to Sergei Trofimovich from comment #2)
> That is https://gcc.gnu.org/PR91481 where stats are:
>
> Known to work: 10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1
> Known to fail: 7.1.0, 7.4.0, 8.3.0, 9.2.0

Thank you!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=446c45ab796e82c423a55f1070006f36e6acd939

commit 446c45ab796e82c423a55f1070006f36e6acd939
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-24 05:11:59 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-24 05:12:12 +0000

    [ GLSA 202409-22 ] GCC: Flawed Code Generation

    Bug: https://bugs.gentoo.org/719466
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-22.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)