ID CVE-2017-11671
Summary Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) versions 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could lead to less randomness in random number generation.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 12-04-2018 - 01:29)
Impact:
Exploitability:
CWE CWE-338
CAPEC
Access
Vector Complexity Authentication
LOCAL LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
bugzilla
id 1529981
title gcc: incorrect CFI information on i386 with -fstack-clash-protection
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment cpp is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849001
        • comment cpp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849002
      • AND
        • comment gcc is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849003
        • comment gcc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849004
      • AND
        • comment gcc-c++ is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849005
        • comment gcc-c++ is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849006
      • AND
        • comment gcc-gfortran is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849007
        • comment gcc-gfortran is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849008
      • AND
        • comment gcc-gnat is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849009
        • comment gcc-gnat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849010
      • AND
        • comment gcc-go is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849011
        • comment gcc-go is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849012
      • AND
        • comment gcc-objc is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849013
        • comment gcc-objc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849014
      • AND
        • comment gcc-objc++ is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849015
        • comment gcc-objc++ is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849016
      • AND
        • comment gcc-plugin-devel is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849017
        • comment gcc-plugin-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849018
      • AND
        • comment libasan is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849019
        • comment libasan is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849020
      • AND
        • comment libasan-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849021
        • comment libasan-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849022
      • AND
        • comment libatomic is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849023
        • comment libatomic is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849024
      • AND
        • comment libatomic-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849025
        • comment libatomic-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849026
      • AND
        • comment libgcc is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849027
        • comment libgcc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849028
      • AND
        • comment libgfortran is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849029
        • comment libgfortran is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849030
      • AND
        • comment libgfortran-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849031
        • comment libgfortran-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849032
      • AND
        • comment libgnat is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849033
        • comment libgnat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849034
      • AND
        • comment libgnat-devel is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849035
        • comment libgnat-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849036
      • AND
        • comment libgnat-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849037
        • comment libgnat-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849038
      • AND
        • comment libgo is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849039
        • comment libgo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849040
      • AND
        • comment libgo-devel is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849041
        • comment libgo-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849042
      • AND
        • comment libgo-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849043
        • comment libgo-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849044
      • AND
        • comment libgomp is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849045
        • comment libgomp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849046
      • AND
        • comment libitm is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849047
        • comment libitm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849048
      • AND
        • comment libitm-devel is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849049
        • comment libitm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849050
      • AND
        • comment libitm-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849051
        • comment libitm-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849052
      • AND
        • comment libmudflap is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849053
        • comment libmudflap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849054
      • AND
        • comment libmudflap-devel is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849055
        • comment libmudflap-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849056
      • AND
        • comment libmudflap-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849057
        • comment libmudflap-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849058
      • AND
        • comment libobjc is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849059
        • comment libobjc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849060
      • AND
        • comment libquadmath is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849061
        • comment libquadmath is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849062
      • AND
        • comment libquadmath-devel is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849063
        • comment libquadmath-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849064
      • AND
        • comment libquadmath-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849065
        • comment libquadmath-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849066
      • AND
        • comment libstdc++ is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849067
        • comment libstdc++ is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849068
      • AND
        • comment libstdc++-devel is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849069
        • comment libstdc++-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849070
      • AND
        • comment libstdc++-docs is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849071
        • comment libstdc++-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849072
      • AND
        • comment libstdc++-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849073
        • comment libstdc++-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849074
      • AND
        • comment libtsan is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849075
        • comment libtsan is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849076
      • AND
        • comment libtsan-static is earlier than 0:4.8.5-28.el7
          oval oval:com.redhat.rhsa:tst:20180849077
        • comment libtsan-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20180849078
rhsa
id RHSA-2018:0849
released 2018-04-10
severity Low
title RHSA-2018:0849: gcc security, bug fix, and enhancement update (Low)
rpms
  • cpp-0:4.8.5-28.el7
  • gcc-0:4.8.5-28.el7
  • gcc-base-debuginfo-0:4.8.5-28.el7
  • gcc-c++-0:4.8.5-28.el7
  • gcc-debuginfo-0:4.8.5-28.el7
  • gcc-gfortran-0:4.8.5-28.el7
  • gcc-gnat-0:4.8.5-28.el7
  • gcc-go-0:4.8.5-28.el7
  • gcc-objc++-0:4.8.5-28.el7
  • gcc-objc-0:4.8.5-28.el7
  • gcc-plugin-devel-0:4.8.5-28.el7
  • libasan-0:4.8.5-28.el7
  • libasan-static-0:4.8.5-28.el7
  • libatomic-0:4.8.5-28.el7
  • libatomic-static-0:4.8.5-28.el7
  • libgcc-0:4.8.5-28.el7
  • libgfortran-0:4.8.5-28.el7
  • libgfortran-static-0:4.8.5-28.el7
  • libgnat-0:4.8.5-28.el7
  • libgnat-devel-0:4.8.5-28.el7
  • libgnat-static-0:4.8.5-28.el7
  • libgo-0:4.8.5-28.el7
  • libgo-devel-0:4.8.5-28.el7
  • libgo-static-0:4.8.5-28.el7
  • libgomp-0:4.8.5-28.el7
  • libitm-0:4.8.5-28.el7
  • libitm-devel-0:4.8.5-28.el7
  • libitm-static-0:4.8.5-28.el7
  • libmudflap-0:4.8.5-28.el7
  • libmudflap-devel-0:4.8.5-28.el7
  • libmudflap-static-0:4.8.5-28.el7
  • libobjc-0:4.8.5-28.el7
  • libquadmath-0:4.8.5-28.el7
  • libquadmath-devel-0:4.8.5-28.el7
  • libquadmath-static-0:4.8.5-28.el7
  • libstdc++-0:4.8.5-28.el7
  • libstdc++-devel-0:4.8.5-28.el7
  • libstdc++-docs-0:4.8.5-28.el7
  • libstdc++-static-0:4.8.5-28.el7
  • libtsan-0:4.8.5-28.el7
  • libtsan-static-0:4.8.5-28.el7
refmap via4
bid 100018
confirm
Last major update 12-04-2018 - 01:29
Published 26-07-2017 - 21:29
Last modified 12-04-2018 - 01:29