The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. Reference: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
Created gcc tracking bugs for this issue: Affects: fedora-all [bug 1755525] Created mingw-gcc tracking bugs for this issue: Affects: epel-all [bug 1755527] Affects: fedora-all [bug 1755526]
Statement: As per upstream DARN (or power9) is not supported in GCC 6 or older, therefore versions of gcc shipped with Red Hat Enterprise Linux 5, 6 and 7 are not affected by this flaw.
External References: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:0924 https://access.redhat.com/errata/RHSA-2020:0924
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-15847
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1864 https://access.redhat.com/errata/RHSA-2020:1864
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:2274 https://access.redhat.com/errata/RHSA-2020:2274