CVE-2017-11671 - Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (

CVE-2017-11671

Summary

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

References

Vulnerable Configurations

cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 12-04-2018 - 01:29)
Impact:
Exploitability:

CWE

CWE-338

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

redhat via4

advisories

bugzilla

id	1529981
title	gcc: incorrect CFI information on i386 with -fstack-clash-protection

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment cpp is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849001
comment cpp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849002
AND
comment gcc is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849003
comment gcc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849004
AND
comment gcc-c++ is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849005
comment gcc-c++ is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849006
AND
comment gcc-gfortran is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849007
comment gcc-gfortran is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849008
AND
comment gcc-gnat is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849009
comment gcc-gnat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849010
AND
comment gcc-go is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849011
comment gcc-go is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849012
AND
comment gcc-objc is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849013
comment gcc-objc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849014
AND
comment gcc-objc++ is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849015
comment gcc-objc++ is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849016

AND

comment gcc-plugin-devel is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849017
comment gcc-plugin-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849018

AND
comment libasan is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849019
comment libasan is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849020

AND

comment libasan-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849021
comment libasan-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849022

AND
comment libatomic is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849023
comment libatomic is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849024

AND

comment libatomic-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849025
comment libatomic-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849026

AND
comment libgcc is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849027
comment libgcc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849028
AND
comment libgfortran is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849029
comment libgfortran is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849030

AND

comment libgfortran-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849031
comment libgfortran-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849032

AND
comment libgnat is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849033
comment libgnat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849034
AND
comment libgnat-devel is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849035
comment libgnat-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849036

AND

comment libgnat-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849037
comment libgnat-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849038

AND
comment libgo is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849039
comment libgo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849040
AND
comment libgo-devel is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849041
comment libgo-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849042
AND
comment libgo-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849043
comment libgo-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849044
AND
comment libgomp is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849045
comment libgomp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849046
AND
comment libitm is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849047
comment libitm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849048
AND
comment libitm-devel is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849049
comment libitm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849050
AND
comment libitm-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849051
comment libitm-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849052
AND
comment libmudflap is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849053
comment libmudflap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849054

AND

comment libmudflap-devel is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849055
comment libmudflap-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849056

AND

comment libmudflap-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849057
comment libmudflap-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849058

AND
comment libobjc is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849059
comment libobjc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849060
AND
comment libquadmath is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849061
comment libquadmath is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849062

AND

comment libquadmath-devel is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849063
comment libquadmath-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849064

AND

comment libquadmath-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849065
comment libquadmath-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849066

AND
comment libstdc++ is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849067
comment libstdc++ is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849068

AND

comment libstdc++-devel is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849069
comment libstdc++-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849070

AND

comment libstdc++-docs is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849071
comment libstdc++-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849072

AND

comment libstdc++-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849073
comment libstdc++-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849074

AND
comment libtsan is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849075
comment libtsan is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849076

AND

comment libtsan-static is earlier than 0:4.8.5-28.el7
oval oval:com.redhat.rhsa:tst:20180849077
comment libtsan-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20180849078

rhsa

id	RHSA-2018:0849
released	2018-04-10
severity	Low
title	RHSA-2018:0849: gcc security, bug fix, and enhancement update (Low)

rpms

cpp-0:4.8.5-28.el7
gcc-0:4.8.5-28.el7
gcc-base-debuginfo-0:4.8.5-28.el7
gcc-c++-0:4.8.5-28.el7
gcc-debuginfo-0:4.8.5-28.el7
gcc-gfortran-0:4.8.5-28.el7
gcc-gnat-0:4.8.5-28.el7
gcc-go-0:4.8.5-28.el7
gcc-objc++-0:4.8.5-28.el7
gcc-objc-0:4.8.5-28.el7
gcc-plugin-devel-0:4.8.5-28.el7
libasan-0:4.8.5-28.el7
libasan-static-0:4.8.5-28.el7
libatomic-0:4.8.5-28.el7
libatomic-static-0:4.8.5-28.el7
libgcc-0:4.8.5-28.el7
libgfortran-0:4.8.5-28.el7
libgfortran-static-0:4.8.5-28.el7
libgnat-0:4.8.5-28.el7
libgnat-devel-0:4.8.5-28.el7
libgnat-static-0:4.8.5-28.el7
libgo-0:4.8.5-28.el7
libgo-devel-0:4.8.5-28.el7
libgo-static-0:4.8.5-28.el7
libgomp-0:4.8.5-28.el7
libitm-0:4.8.5-28.el7
libitm-devel-0:4.8.5-28.el7
libitm-static-0:4.8.5-28.el7
libmudflap-0:4.8.5-28.el7
libmudflap-devel-0:4.8.5-28.el7
libmudflap-static-0:4.8.5-28.el7
libobjc-0:4.8.5-28.el7
libquadmath-0:4.8.5-28.el7
libquadmath-devel-0:4.8.5-28.el7
libquadmath-static-0:4.8.5-28.el7
libstdc++-0:4.8.5-28.el7
libstdc++-devel-0:4.8.5-28.el7
libstdc++-docs-0:4.8.5-28.el7
libstdc++-static-0:4.8.5-28.el7
libtsan-0:4.8.5-28.el7
libtsan-static-0:4.8.5-28.el7

refmap via4

bid	100018
confirm	http://openwall.com/lists/oss-security/2017/07/27/2 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180 https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html

Last major update

12-04-2018 - 01:29

Published

26-07-2017 - 21:29

Last modified

12-04-2018 - 01:29