Message Image

Skip main navigation (Press Enter).

IBM TechXchange Community Conference Events IBM Developer

IBM TechXchange Community Conference Events IBM Developer

Power

View Only

Back to discussions

Expand all | Collapse all

vulnerability CVE-2019-15847 and gcc 8.3 AIX7.1

1. vulnerability CVE-2019-15847 and gcc 8.3 AIX7.1

Like
Lukasz Kowalczyk
Posted Wed December 14, 2022 10:16 AM

Reply
According to NVD, this vulnerability affects gcc in version 8.3.0.
The gcc installed on the AIX machine is taken from ( https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.1/gcc8/gcc8-cplusplus-8.3.0-6.aix7.1.ppc.rpm ).

I tried to test if this version is affected using code provided in https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481, but it seems that this gcc version does not contain POWER9 function __builtin_darn().

>bash-5.1# gcc-8 -maix64 darn.c -o darn
darn.c: In function 'main':
darn.c:8:21: warning: implicit declaration of function '__builtin_darn'; did you mean '__builtin_nan'? [-Wimplicit-function-declaration]
darn[i] = __builtin_darn(); // or __builtin_darn_raw()
^~~~~~~~~~~~~~
__builtin_nan
ld: 0711-317 ERROR: Undefined symbol: .__builtin_darn

I have the same result when compiling 32bit version.

Can anyone confirm/deny that gcc 8.3.0-6 build for AIX is not vulnerable to this CVE?

------------------------------
Lukasz Kowalczyk
------------------------------

Additional
Resources

Discover these carefully selected resources to dive deeper into your journey and unlock fresh insights

Office

If you need immediate assistance please contact the Community Management team

support@communitysite.ibm.com

Monday - Friday: 8AM - 5 PM MT

Powered by Higher Logic