CVE-2017-11671
The MITRE CVE dictionary describes this issue as:
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Find out more about CVE-2017-11671 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 5.6 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (gcc) | RHSA-2018:0849 | 2018-04-10 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | compat-gcc-44 | Not affected |
| Red Hat Enterprise Linux 7 | compat-gcc-34 | Not affected |
| Red Hat Enterprise Linux 6 | gcc | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-296 | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-295 | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-32 | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-34 | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-34 | Not affected |
| Red Hat Enterprise Linux 5 | gcc | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-32 | Not affected |
| Red Hat Enterprise Linux 5 | gcc44 | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-296 | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-295 | Not affected |
CVE description copyright © 2017, The MITRE Corporation