CVE-2017-11671
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/07/2017
Last modified:
20/04/2025
Description
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Impact
Base Score 3.x
4.00
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://openwall.com/lists/oss-security/2017/07/27/2
- http://www.securityfocus.com/bid/100018
- https://access.redhat.com/errata/RHSA-2018:0849
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
- https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html
- http://openwall.com/lists/oss-security/2017/07/27/2
- http://www.securityfocus.com/bid/100018
- https://access.redhat.com/errata/RHSA-2018:0849
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
- https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html