ID | CVE-2017-11671 |
Summary |
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. |
Vulnerable Configurations |
- cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:*
|
CVSS |
Base: | 2.1 (as of 12-04-2018 - 01:29) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-338 |
Access |
Vector | Complexity | Authentication |
LOCAL | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | NONE | NONE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
redhat
via4
|
advisories | bugzilla | id | 1529981 | title | gcc: incorrect CFI information on i386 with -fstack-clash-protection |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
|
|
| rhsa | id | RHSA-2018:0849 | released | 2018-04-10 | severity | Low | title | RHSA-2018:0849: gcc security, bug fix, and enhancement update (Low) |
|
| rpms | - cpp-0:4.8.5-28.el7
- gcc-0:4.8.5-28.el7
- gcc-base-debuginfo-0:4.8.5-28.el7
- gcc-c++-0:4.8.5-28.el7
- gcc-debuginfo-0:4.8.5-28.el7
- gcc-gfortran-0:4.8.5-28.el7
- gcc-gnat-0:4.8.5-28.el7
- gcc-go-0:4.8.5-28.el7
- gcc-objc++-0:4.8.5-28.el7
- gcc-objc-0:4.8.5-28.el7
- gcc-plugin-devel-0:4.8.5-28.el7
- libasan-0:4.8.5-28.el7
- libasan-static-0:4.8.5-28.el7
- libatomic-0:4.8.5-28.el7
- libatomic-static-0:4.8.5-28.el7
- libgcc-0:4.8.5-28.el7
- libgfortran-0:4.8.5-28.el7
- libgfortran-static-0:4.8.5-28.el7
- libgnat-0:4.8.5-28.el7
- libgnat-devel-0:4.8.5-28.el7
- libgnat-static-0:4.8.5-28.el7
- libgo-0:4.8.5-28.el7
- libgo-devel-0:4.8.5-28.el7
- libgo-static-0:4.8.5-28.el7
- libgomp-0:4.8.5-28.el7
- libitm-0:4.8.5-28.el7
- libitm-devel-0:4.8.5-28.el7
- libitm-static-0:4.8.5-28.el7
- libmudflap-0:4.8.5-28.el7
- libmudflap-devel-0:4.8.5-28.el7
- libmudflap-static-0:4.8.5-28.el7
- libobjc-0:4.8.5-28.el7
- libquadmath-0:4.8.5-28.el7
- libquadmath-devel-0:4.8.5-28.el7
- libquadmath-static-0:4.8.5-28.el7
- libstdc++-0:4.8.5-28.el7
- libstdc++-devel-0:4.8.5-28.el7
- libstdc++-docs-0:4.8.5-28.el7
- libstdc++-static-0:4.8.5-28.el7
- libtsan-0:4.8.5-28.el7
- libtsan-static-0:4.8.5-28.el7
|
|
Last major update |
12-04-2018 - 01:29 |
Published |
26-07-2017 - 21:29 |
Last modified |
12-04-2018 - 01:29 |