CVE-2017-11671
Summary
| CVE | CVE-2017-11671 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-07-26 21:29:00 UTC |
| Updated | 2018-04-12 01:29:00 UTC |
| Description | Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. |
Risk And Classification
Problem Types: CWE-338
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Gcc | 4.6 | All | All | All |
| Application | Gnu | Gcc | 4.7 | All | All | All |
| Application | Gnu | Gcc | 4.8 | All | All | All |
| Application | Gnu | Gcc | 4.9 | All | All | All |
| Application | Gnu | Gcc | 5.0 | All | All | All |
| Application | Gnu | Gcc | 5.1 | All | All | All |
| Application | Gnu | Gcc | 5.2 | All | All | All |
| Application | Gnu | Gcc | 5.3 | All | All | All |
| Application | Gnu | Gcc | 5.4 | All | All | All |
| Application | Gnu | Gcc | 6.0 | All | All | All |
| Application | Gnu | Gcc | 6.1 | All | All | All |
| Application | Gnu | Gcc | 6.2 | All | All | All |
| Application | Gnu | Gcc | 6.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Uros Bizjak - [PATCH, i386]: Fix PR 80180, Incorrect codegen from rdseed intrinsic use | CONFIRM | gcc.gnu.org | Mailing List |
| GNU GCC CVE-2017-11671 Insecure Random Number Generator Weakness | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| oss-security - CVE-2017-11671: GCC generates incorrect code for RDRAND/RDSEED intrinsics | CONFIRM | openwall.com | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| 80180 – (CVE-2017-11671) Incorrect codegen from rdseed intrinsic use (CVE-2017-11671) | CONFIRM | gcc.gnu.org | Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.