CVE-2019-15847

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html	Mailing List Third Party Advisory
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:gcc::::::::
	cpe:2.3:a:gnu:gcc::::::::
	cpe:2.3:a:gnu:gcc::::::::
	cpe:2.3:a:gnu:gcc::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

History

No history.

Information

Published : 2019-09-02 23:15

Updated : 2024-02-28 17:08

NVD link : CVE-2019-15847

Mitre link : CVE-2019-15847

CVE.ORG link : CVE-2019-15847

JSON object : View

Products Affected

gnu

gcc

opensuse

leap

CWE

CWE-331

Insufficient Entropy

{"id": "CVE-2019-15847", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-02T23:15:10.837", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-331"}]}], "descriptions": [{"lang": "en", "value": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same."}, {"lang": "es", "value": "El backend POWER9 en GNU Compiler Collection (GCC) en versiones anteriores a la 10 podr\u00eda optimizar m\u00faltiples llamadas de __builtin_darn intr\u00ednsecas en una sola llamada, reduciendo as\u00ed la entrop\u00eda del generador de n\u00fameros aleatorios. Esto ocurri\u00f3 porque no se especific\u00f3 una operaci\u00f3n vol\u00e1til. Por ejemplo, dentro de una sola ejecuci\u00f3n de un programa, la salida de cada llamada __builtin_darn() puede ser la misma."}], "lastModified": "2020-09-17T13:38:06.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C24970D-A6E6-4AFC-876C-AA77A4D9F2C9", "versionEndExcluding": "7.5.0"}, {"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C079769-9E9D-4338-9246-B80DB23FF8C2", "versionEndExcluding": "8.4.0", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D143DC53-6A5E-42E7-AF7B-9568650BF837", "versionEndExcluding": "9.3.0", "versionStartIncluding": "9.0"}, {"criteria": "cpe:2.3:a:gnu:gcc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CBB0226-5EEA-4106-B59D-35BAFA97C1B6", "versionEndExcluding": "10.1.0", "versionStartIncluding": "10.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}