CVE-2017-11671

4MEDIUM

Key Information:

Vendor
Gnu
Status
Gcc
Vendor
CVE Published:
26 July 2017

Summary

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

References

http://openwall.com/lists/oss-security/2017/07/27/2
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100018
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0849
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.