CVE-2017-11671

CWE-33810 documents7 sources

Severity

4.0MEDIUM

EPSS

0.1%

top 71.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU GCC

Timeline

PublishedJul 26

Latest updateDec 8

Description

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.5 | Impact: 1.4

Affected Packages3 packages

▶Ubuntugcc-5< 5.4.0-6ubuntu1~16.04.12+esm2

▶Ubuntugccgo-6< 6.0.1-0ubuntu1+esm1

▶NVDgnu/gcc13 versions+12

🔴Vulnerability Details

GHSA

GHSA-9qgp-g97v-qq69: Under certain circumstances, the ix86_expand_builtin function in i386↗2022-05-14

▶

CVEList

CVE-2017-11671: Under certain circumstances, the ix86_expand_builtin function in i386↗2017-07-26

▶

OSV

CVE-2017-11671: Under certain circumstances, the ix86_expand_builtin function in i386↗2017-07-26

▶

📋Vendor Advisories

Ubuntu

GCC vulnerability↗2022-12-08

▶

Red Hat

gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics↗2017-03-25

▶

💬Community

Bugzilla

CVE-2017-11671 gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics↗2017-07-27

▶

Bugzilla

CVE-2017-11671 gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics [fedora-25]↗2017-07-27

▶

Bugzilla

CVE-2017-11671 mingw-gcc: gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics [fedora-25]↗2017-07-27

▶

Bugzilla

CVE-2017-11671 mingw-gcc: gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics [epel-all]↗2017-07-27

▶