CVE-2017-11671

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-11671
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11671.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-11671
Related
Published
2017-07-26T21:29:00Z
Modified
2025-04-20T03:55:55.117918Z
Downstream
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

References

Affected packages

Git / github.com/gcc-mirror/gcc

Affected versions

Other

basepoints/gcc-0
basepoints/gcc-5
basepoints/gcc-6
misc/cutover-cvs2svn
misc/cutover-egcs-0
misc/cutover-egcs-1

releases/gcc-4.*

releases/gcc-4.6.0
releases/gcc-4.7.0
releases/gcc-4.8.0
releases/gcc-4.9.0

releases/gcc-5.*

releases/gcc-5.1.0
releases/gcc-5.2.0

releases/gcc-6.*

releases/gcc-6.1.0
releases/gcc-6.2.0