Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-15847

Published: 02/09/2019 Updated: 17/09/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Gcc

Vulnerability Summary

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu gcc

opensuse leap 15.0

opensuse leap 15.1

Vendor Advisories

Red Hat: Moderate: gcc security and bug fix update
Synopsis Moderate: gcc security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for gcc is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...
Red Hat: Moderate: devtoolset-8-gcc security update
Synopsis Moderate: devtoolset-8-gcc security update Type/Severity Security Advisory: Moderate Topic An update for devtoolset-8-gcc is now available for Red Hat Developer Toolset 8 for Red Hat Enterprise LinuxRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vu ...
Red Hat: Moderate: devtoolset-9-gcc security and bug fix update
Synopsis Moderate: devtoolset-9-gcc security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for devtoolset-9-gcc is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scor ...
Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update
Synopsis Important: Container-native Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Securi ...
Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update
Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...
Red Hat: CVE-2019-15847
Impact: Moderate Public Date: 2019-09-02 CWE: CWE-331 Bugzilla: 1755523: CVE-2019-15847 gcc: POWER9 "DA ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-331https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.htmlhttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2020:1864https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10https://access.redhat.com/security/cve/cve-2019-15847
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook