Описание
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Отчет
As per upstream DARN (or power9) is not supported in GCC 6 or older, therefore versions of gcc shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gcc | Not affected | ||
| Red Hat Enterprise Linux 6 | gcc | Not affected | ||
| Red Hat Enterprise Linux 7 | gcc | Not affected | ||
| Red Hat Enterprise Linux 8 | mingw-gcc | Not affected | ||
| Red Hat Enterprise Linux 8 | gcc | Fixed | RHSA-2020:1864 | 28.04.2020 |
| Red Hat Enterprise Linux 8 | gcc | Fixed | RHSA-2020:1864 | 28.04.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | devtoolset-8-gcc | Fixed | RHSA-2020:0924 | 23.03.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | devtoolset-8-gcc | Fixed | RHSA-2020:0924 | 23.03.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | devtoolset-9-gcc | Fixed | RHSA-2020:2274 | 26.05.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | devtoolset-8-gcc | Fixed | RHSA-2020:0924 | 23.03.2020 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 ...
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
7.5 High
CVSS3