The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Weakness
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gcc | Gnu | * | 7.5.0 (excluding) |
| Gcc | Gnu | 8.0 (including) | 8.4.0 (excluding) |
| Gcc | Gnu | 9.0 (including) | 9.3.0 (excluding) |
| Gcc | Gnu | 10.0 (including) | 10.1.0 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | gcc-0:8.3.1-5.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | gcc-0:8.3.1-5.el8 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | devtoolset-8-gcc-0:8.3.1-3.2.el6 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | devtoolset-8-gcc-0:8.3.1-3.2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | devtoolset-9-gcc-0:9.3.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | devtoolset-8-gcc-0:8.3.1-3.2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | devtoolset-8-gcc-0:8.3.1-3.2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | devtoolset-9-gcc-0:9.3.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | devtoolset-8-gcc-0:8.3.1-3.2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | devtoolset-9-gcc-0:9.3.1-2.el7 | * |
| Gcc-10 | Ubuntu | esm-infra/focal | * |
| Gcc-10 | Ubuntu | focal | * |
| Gcc-10 | Ubuntu | upstream | * |
| Gcc-4.8 | Ubuntu | trusty | * |
| Gcc-6 | Ubuntu | bionic | * |
| Gcc-6 | Ubuntu | disco | * |
| Gcc-6-cross | Ubuntu | bionic | * |
| Gcc-6-cross-ports | Ubuntu | bionic | * |
| Gcc-7 | Ubuntu | bionic | * |
| Gcc-7 | Ubuntu | disco | * |
| Gcc-7 | Ubuntu | eoan | * |
| Gcc-7 | Ubuntu | esm-infra/bionic | * |
| Gcc-7 | Ubuntu | upstream | * |
| Gcc-7-cross | Ubuntu | bionic | * |
| Gcc-7-cross | Ubuntu | disco | * |
| Gcc-7-cross-ports | Ubuntu | bionic | * |
| Gcc-7-cross-ports | Ubuntu | disco | * |
| Gcc-8 | Ubuntu | bionic | * |
| Gcc-8 | Ubuntu | disco | * |
| Gcc-8 | Ubuntu | esm-infra/bionic | * |
| Gcc-8 | Ubuntu | upstream | * |
| Gcc-8-cross | Ubuntu | bionic | * |
| Gcc-8-cross | Ubuntu | disco | * |
| Gcc-8-cross | Ubuntu | eoan | * |
| Gcc-8-cross | Ubuntu | focal | * |
| Gcc-8-cross | Ubuntu | groovy | * |
| Gcc-8-cross | Ubuntu | hirsute | * |
| Gcc-8-cross-ports | Ubuntu | bionic | * |
| Gcc-8-cross-ports | Ubuntu | disco | * |
| Gcc-8-cross-ports | Ubuntu | eoan | * |
| Gcc-8-cross-ports | Ubuntu | focal | * |
| Gcc-8-cross-ports | Ubuntu | groovy | * |
| Gcc-8-cross-ports | Ubuntu | hirsute | * |
| Gcc-9 | Ubuntu | disco | * |
| Gcc-9 | Ubuntu | upstream | * |
| Gcc-9-cross | Ubuntu | disco | * |
| Gcc-9-cross | Ubuntu | eoan | * |
| Gcc-9-cross | Ubuntu | groovy | * |
| Gcc-9-cross | Ubuntu | hirsute | * |
| Gcc-9-cross | Ubuntu | impish | * |
| Gcc-9-cross | Ubuntu | kinetic | * |
| Gcc-9-cross | Ubuntu | lunar | * |
| Gcc-9-cross | Ubuntu | mantic | * |
| Gcc-9-cross-ports | Ubuntu | disco | * |
| Gcc-9-cross-ports | Ubuntu | eoan | * |
| Gcc-9-cross-ports | Ubuntu | focal | * |
| Gcc-9-cross-ports | Ubuntu | groovy | * |
| Gcc-9-cross-ports | Ubuntu | hirsute | * |
| Gcc-9-cross-ports | Ubuntu | impish | * |
| Gcc-9-cross-ports | Ubuntu | kinetic | * |
| Gcc-9-cross-ports | Ubuntu | lunar | * |
| Gcc-9-cross-ports | Ubuntu | mantic | * |
| Gcc-defaults | Ubuntu | bionic | * |
| Gcc-defaults | Ubuntu | disco | * |
| Gcc-defaults | Ubuntu | eoan | * |
| Gcc-defaults | Ubuntu | groovy | * |
| Gcc-defaults | Ubuntu | hirsute | * |
| Gcc-defaults | Ubuntu | impish | * |
| Gcc-defaults | Ubuntu | kinetic | * |
| Gcc-defaults | Ubuntu | lunar | * |
| Gcc-defaults | Ubuntu | mantic | * |
| Gcc-defaults | Ubuntu | precise/esm | * |
| Gcc-defaults | Ubuntu | trusty | * |
| Gcc-defaults | Ubuntu | xenial | * |
| Gcc-snapshot | Ubuntu | bionic | * |
| Gcc-snapshot | Ubuntu | disco | * |
| Gcc-snapshot | Ubuntu | eoan | * |
| Gcc-snapshot | Ubuntu | focal | * |
| Gcc-snapshot | Ubuntu | groovy | * |
| Gcc-snapshot | Ubuntu | hirsute | * |
| Gcc-snapshot | Ubuntu | impish | * |
| Gcc-snapshot | Ubuntu | kinetic | * |
| Gcc-snapshot | Ubuntu | lunar | * |
| Gcc-snapshot | Ubuntu | mantic | * |
| Gcc-snapshot | Ubuntu | oracular | * |
| Gcc-snapshot | Ubuntu | plucky | * |
| Gcc-snapshot | Ubuntu | xenial | * |
| Gccgo-6 | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
References
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481