Bug 719466 (CVE-2019-15847) - <sys-devel/gcc-{6.5.0,7.4.1,8.3.1,9.2.1,10.0}: Flawed code generation on POWER9 (CVE-2019-15847)
Status: IN_PROGRESS
Alias: CVE-2019-15847
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa? cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-04-26 00:38 UTC by GLSAMaker/CVETool Bot
Modified: 2022-03-16 18:19 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-26 00:38:28 UTC
CVE-2019-15847 (https://nvd.nist.gov/vuln/detail/CVE-2019-15847):
  The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could
  optimize multiple calls of the __builtin_darn intrinsic into a single call,
  thus reducing the entropy of the random number generator. This occurred
  because a volatile operation was not specified. For example, within a single
  execution of a program, the output of every __builtin_darn() call may be the
  same.
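
A regression check for the behaviour described above, added here as an example that is not part of the bug report or of GCC: it issues four back-to-back `__builtin_darn()` calls and reports whether every valid result came back identical. The helper names, the sample size of four and the assumed build command (`gcc -O2 -mcpu=power9`) are choices made for this example.

```c
/* Added example: detect merged __builtin_darn() calls (CVE-2019-15847). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DARN_ERROR UINT64_MAX /* darn yields all ones when no number is available */

/* Count distinct values in v[0..n), ignoring DARN_ERROR entries. */
size_t count_distinct(const uint64_t *v, size_t n)
{
    size_t distinct = 0;
    for (size_t i = 0; i < n; i++) {
        if (v[i] == DARN_ERROR)
            continue;
        size_t j = 0;
        while (j < i && v[j] != v[i])
            j++;
        if (j == i)
            distinct++;
    }
    return distinct;
}

/* 1 if at least two valid samples exist and all of them are identical. */
int looks_merged(const uint64_t *v, size_t n)
{
    size_t valid = 0;
    for (size_t i = 0; i < n; i++)
        valid += (v[i] != DARN_ERROR);
    return valid >= 2 && count_distinct(v, n) == 1;
}

int main(void)
{
#if defined(_ARCH_PWR9) && defined(__powerpc64__)
    /* Back-to-back calls in one function: the pattern the optimizer could merge. */
    uint64_t s[4];
    s[0] = (uint64_t)__builtin_darn();
    s[1] = (uint64_t)__builtin_darn();
    s[2] = (uint64_t)__builtin_darn();
    s[3] = (uint64_t)__builtin_darn();
    int bad = looks_merged(s, 4);
    printf("%zu distinct values: %s\n", count_distinct(s, 4),
           bad ? "calls were merged" : "calls kept separate");
    return bad;
#else
    puts("not built for 64-bit POWER9; nothing to check");
    return 2;
#endif
}
```

The exit status is 0 when the calls stayed separate, 1 when they were merged, and 2 when the build target is not 64-bit POWER9.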
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-26 00:39:42 UTC
@maintainer(s), can you let us know if this was patched already / which specific patchset it was in, if possible? Thanks!
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2020-04-26 08:48:27 UTC
That is https://gcc.gnu.org/PR91481 where stats are:

Known to work: 	10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1
Known to fail: 	7.1.0, 7.4.0, 8.3.0, 9.2.0
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-25 20:24:38 UTC
(In reply to Sergei Trofimovich from comment #2)
> That is https://gcc.gnu.org/PR91481 where stats are:
> 
> Known to work: 	10.0, 6.5.0, 7.4.1, 8.3.1, 9.2.1
> Known to fail: 	7.1.0, 7.4.0, 8.3.0, 9.2.0

Thank you!