Medium severity4.0NVD Advisory· Published Jul 26, 2017· Updated May 13, 2026
CVE-2017-11671
CVE-2017-11671
Description
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Affected products
13cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- openwall.com/lists/oss-security/2017/07/27/2nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/100018nvdThird Party AdvisoryVDB Entry
- gcc.gnu.org/bugzilla/show_bug.cginvdIssue TrackingVendor Advisory
- gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.htmlnvdMailing List
- access.redhat.com/errata/RHSA-2018:0849nvd
News mentions
0No linked articles in our index yet.