CVE-2019-15847

{"id": "CVE-2019-15847", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-02T23:15:10.837", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-331"}]}], "descriptions": [{"lang": "en", "value": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same."}, {"lang": "es", "value": "El backend POWER9 en GNU Compiler Collection (GCC) en versiones anteriores a la 10 podr\u00eda optimizar m\u00faltiples llamadas de __builtin_darn intr\u00ednsecas en una sola llamada, reduciendo as\u00ed la entrop\u00eda del generador de n\u00fameros aleatorios. Esto ocurri\u00f3 porque no se especific\u00f3 una operaci\u00f3n vol\u00e1til. Por ejemplo, dentro de una sola ejecuci\u00f3n de un programa, la salida de cada llamada __builtin_darn() puede ser la misma."}], "lastModified": "2024-11-21T04:29:36.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C24970D-A6E6-4AFC-876C-AA77A4D9F2C9", "versionEndExcluding": "7.5.0"}, {"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C079769-9E9D-4338-9246-B80DB23FF8C2", "versionEndExcluding": "8.4.0", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D143DC53-6A5E-42E7-AF7B-9568650BF837", "versionEndExcluding": "9.3.0", "versionStartIncluding": "9.0"}, {"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CBB0226-5EEA-4106-B59D-35BAFA97C1B6", "versionEndExcluding": "10.1.0", "versionStartIncluding": "10.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}