CVE-2019-15847 (https://nvd.nist.gov/vuln/detail/CVE-2019-15847): The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
@maintainer(s), can you let us know if this was patched already / which specific patchset it was in, if possible? Thanks!
That is https://gcc.gnu.org/PR91481 where stats are: Known to work: 10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1 Known to fail: 7.1.0, 7.4.0, 8.3.0, 9.2.0
(In reply to Sergei Trofimovich from comment #2) > That is https://gcc.gnu.org/PR91481 where stats are: > > Known to work: 10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1 > Known to fail: 7.1.0, 7.4.0, 8.3.0, 9.2.0 Thank you!