Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2019-15847

Insufficient Entropy

Published: Sep 02, 2019 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
NEGLIGIBLE
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2019-15847
CWEhttps://cwe.mitre.org/data/definitions/331.html

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Weakness

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Affected Software

Name Vendor Start Version End Version
Gcc Gnu * 7.5.0 (excluding)
Gcc Gnu 8.0 (including) 8.4.0 (excluding)
Gcc Gnu 9.0 (including) 9.3.0 (excluding)
Gcc Gnu 10.0 (including) 10.1.0 (excluding)
Red Hat Enterprise Linux 8 RedHat gcc-0:8.3.1-5.el8 *
Red Hat Enterprise Linux 8 RedHat gcc-0:8.3.1-5.el8 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat devtoolset-8-gcc-0:8.3.1-3.2.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat devtoolset-8-gcc-0:8.3.1-3.2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat devtoolset-9-gcc-0:9.3.1-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat devtoolset-8-gcc-0:8.3.1-3.2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat devtoolset-8-gcc-0:8.3.1-3.2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat devtoolset-9-gcc-0:9.3.1-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat devtoolset-8-gcc-0:8.3.1-3.2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat devtoolset-9-gcc-0:9.3.1-2.el7 *
Gcc-10 Ubuntu esm-infra/focal *
Gcc-10 Ubuntu focal *
Gcc-10 Ubuntu upstream *
Gcc-4.8 Ubuntu trusty *
Gcc-6 Ubuntu bionic *
Gcc-6 Ubuntu disco *
Gcc-6-cross Ubuntu bionic *
Gcc-6-cross-ports Ubuntu bionic *
Gcc-7 Ubuntu bionic *
Gcc-7 Ubuntu disco *
Gcc-7 Ubuntu eoan *
Gcc-7 Ubuntu esm-infra/bionic *
Gcc-7 Ubuntu upstream *
Gcc-7-cross Ubuntu bionic *
Gcc-7-cross Ubuntu disco *
Gcc-7-cross-ports Ubuntu bionic *
Gcc-7-cross-ports Ubuntu disco *
Gcc-8 Ubuntu bionic *
Gcc-8 Ubuntu disco *
Gcc-8 Ubuntu esm-infra/bionic *
Gcc-8 Ubuntu upstream *
Gcc-8-cross Ubuntu bionic *
Gcc-8-cross Ubuntu disco *
Gcc-8-cross Ubuntu eoan *
Gcc-8-cross Ubuntu focal *
Gcc-8-cross Ubuntu groovy *
Gcc-8-cross Ubuntu hirsute *
Gcc-8-cross-ports Ubuntu bionic *
Gcc-8-cross-ports Ubuntu disco *
Gcc-8-cross-ports Ubuntu eoan *
Gcc-8-cross-ports Ubuntu focal *
Gcc-8-cross-ports Ubuntu groovy *
Gcc-8-cross-ports Ubuntu hirsute *
Gcc-9 Ubuntu disco *
Gcc-9 Ubuntu upstream *
Gcc-9-cross Ubuntu disco *
Gcc-9-cross Ubuntu eoan *
Gcc-9-cross Ubuntu groovy *
Gcc-9-cross Ubuntu hirsute *
Gcc-9-cross Ubuntu impish *
Gcc-9-cross Ubuntu kinetic *
Gcc-9-cross Ubuntu lunar *
Gcc-9-cross Ubuntu mantic *
Gcc-9-cross-ports Ubuntu disco *
Gcc-9-cross-ports Ubuntu eoan *
Gcc-9-cross-ports Ubuntu focal *
Gcc-9-cross-ports Ubuntu groovy *
Gcc-9-cross-ports Ubuntu hirsute *
Gcc-9-cross-ports Ubuntu impish *
Gcc-9-cross-ports Ubuntu kinetic *
Gcc-9-cross-ports Ubuntu lunar *
Gcc-9-cross-ports Ubuntu mantic *
Gcc-defaults Ubuntu bionic *
Gcc-defaults Ubuntu disco *
Gcc-defaults Ubuntu eoan *
Gcc-defaults Ubuntu groovy *
Gcc-defaults Ubuntu hirsute *
Gcc-defaults Ubuntu impish *
Gcc-defaults Ubuntu kinetic *
Gcc-defaults Ubuntu lunar *
Gcc-defaults Ubuntu mantic *
Gcc-defaults Ubuntu precise/esm *
Gcc-defaults Ubuntu trusty *
Gcc-defaults Ubuntu xenial *
Gcc-snapshot Ubuntu bionic *
Gcc-snapshot Ubuntu disco *
Gcc-snapshot Ubuntu eoan *
Gcc-snapshot Ubuntu focal *
Gcc-snapshot Ubuntu groovy *
Gcc-snapshot Ubuntu hirsute *
Gcc-snapshot Ubuntu impish *
Gcc-snapshot Ubuntu kinetic *
Gcc-snapshot Ubuntu lunar *
Gcc-snapshot Ubuntu mantic *
Gcc-snapshot Ubuntu oracular *
Gcc-snapshot Ubuntu xenial *
Gccgo-6 Ubuntu xenial *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use