CVE-2017-11671: Weak RNG
First published: Wed Jul 26 2017(Updated: )
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/gcc | <5.5 | 5.5 |
| redhat/gcc | <6.4 | 6.4 |
| GNU GCC | =4.6 | |
| GNU GCC | =4.7 | |
| GNU GCC | =4.8 | |
| GNU GCC | =4.9 | |
| GNU GCC | =5.0 | |
| GNU GCC | =5.1 | |
| GNU GCC | =5.2 | |
| GNU GCC | =5.3 | |
| GNU GCC | =5.4 | |
| GNU GCC | =6.0 | |
| GNU GCC | =6.1 | |
| GNU GCC | =6.2 | |
| GNU GCC | =6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://openwall.com/lists/oss-security/2017/07/27/2
- http://www.securityfocus.com/bid/100018
- https://access.redhat.com/errata/RHSA-2018:0849
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
- https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html
- http://seclists.org/oss-sec/2017/q3/218
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1475735
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1475736
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1475737
- https://bugzilla.redhat.com/show_bug.cgi?id=1475733
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-11671
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/gnu
- canonical/gnu gcc
- version/gnu gcc/4.6
- version/gnu gcc/4.7
- version/gnu gcc/4.8
- version/gnu gcc/4.9
- version/gnu gcc/5.0
- version/gnu gcc/5.1
- version/gnu gcc/5.2
- version/gnu gcc/5.3
- version/gnu gcc/5.4
- version/gnu gcc/6.0
- version/gnu gcc/6.1
- version/gnu gcc/6.2
- version/gnu gcc/6.3
- package-manager/redhat