CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

References

Affected packages

Git / github.com/gcc-mirror/gcc

Affected ranges

Type: GIT
Repo: https://github.com/gcc-mirror/gcc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0c1af5b6fde830146e5003b018ebabd2095533f4

Last affected

372a443092ee1656c6d866a16e6da6df32b1f71d

Last affected

4cf01c09fe137b7a70b9879ca396823615962eb3

Last affected

7a3af1a36b1965ae3d60e1f397a0d3ca17619d43

Last affected

7a5558ee1c57939c34d0d9a337b26533c94a75e2

Last affected

91c632c88994dca583bcd94e39cd3eba1506ecfe

Last affected

a9425683787eeba7b9a4bb6c36588885160ab1f1

Last affected

ade89f291493b5e697047441c1193e5fc8278d3e

Last affected

ae02e369d7a25c78527e89ca132ec1909902631d

Last affected

c8898526d699174304c71ad2c2f0805bf7e27d93

Last affected

ea29f0882c0cb710b0444744eaf368cf0143d7a0

Affected versions

Other

basepoints/gcc-0

basepoints/gcc-5

basepoints/gcc-6

misc/cutover-cvs2svn

misc/cutover-egcs-0

misc/cutover-egcs-1

releases/gcc-4.*

releases/gcc-4.6.0

releases/gcc-4.7.0

releases/gcc-4.8.0

releases/gcc-4.9.0

releases/gcc-5.*

releases/gcc-5.1.0

releases/gcc-5.2.0

releases/gcc-6.*

releases/gcc-6.1.0

releases/gcc-6.2.0