cve-2017-11671
Vulnerability from cvelistv5
Published
2017-07-26 21:00
Modified
2024-08-05 18:12
Severity ?
Summary
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
References
cve@mitre.orghttp://openwall.com/lists/oss-security/2017/07/27/2Mailing List, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/100018Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2018:0849
cve@mitre.orghttps://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180Issue Tracking, Vendor Advisory
cve@mitre.orghttps://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.htmlMailing List
Impacted products
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:12:40.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2017/07/27/2"
          },
          {
            "name": "100018",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100018"
          },
          {
            "name": "RHSA-2018:0849",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0849"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-11T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openwall.com/lists/oss-security/2017/07/27/2"
        },
        {
          "name": "100018",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100018"
        },
        {
          "name": "RHSA-2018:0849",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0849"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-11671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://openwall.com/lists/oss-security/2017/07/27/2",
              "refsource": "CONFIRM",
              "url": "http://openwall.com/lists/oss-security/2017/07/27/2"
            },
            {
              "name": "100018",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100018"
            },
            {
              "name": "RHSA-2018:0849",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0849"
            },
            {
              "name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180",
              "refsource": "CONFIRM",
              "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180"
            },
            {
              "name": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html",
              "refsource": "CONFIRM",
              "url": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-11671",
    "datePublished": "2017-07-26T21:00:00",
    "dateReserved": "2017-07-26T00:00:00",
    "dateUpdated": "2024-08-05T18:12:40.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-11671\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-07-26T21:29:00.207\",\"lastModified\":\"2018-04-12T01:29:01.660\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.\"},{\"lang\":\"es\",\"value\":\"Bajo ciertas circunstancias, la funci\u00f3n ix86_expand_builtin en el archivo i386.c en GNU Compiler Collection (GCC) versiones 4.6, 4.7, 4.8, 4.9, versi\u00f3n 5 anterior a 5.5 y versi\u00f3n 6 anterior a 6.4, generar\u00e1 secuencias de instrucciones que marcar\u00e1n el flag status de los intr\u00ednsecos RDRAND y RDSEED antes de que se pueda leer, es posible que no se denuncien los fallos de estas instrucciones. Esto podr\u00eda potencialmente conllevar a una menor aleatoriedad en la generaci\u00f3n de n\u00fameros aleatorios.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.5,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"432D419B-7C47-432B-90CC-CBAD7112FD1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B01EDC85-552A-47B3-9801-99E6D033884E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B242A15-371A-4FB7-9515-46DDA6E07C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1DDA9FF-4383-4E66-8945-41BB25C6C04E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C86C936-3E2E-4E89-A3A4-3E77EF1AE761\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DF2D5BD-B28C-43A2-A990-21F5ECB1C570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D100A33-D544-4613-893B-5BBA013DB2D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1EE4B8E-1E82-415D-950D-13750B99E081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57D66615-998F-4FDA-A1E2-E203E95D55DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D812A692-BBCE-469F-9EA3-DFC0C43B347C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54A4004B-67A0-4677-BC78-3019B14E3C75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6A4748-7738-4259-9B4A-D013CFCCA7F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD09C4A-59C9-4852-BF74-BAF72F4EDA4E\"}]}]}],\"references\":[{\"url\":\"http://openwall.com/lists/oss-security/2017/07/27/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100018\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0849\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.