CVE-2017-11671
CVSS V2 Low 2.1
CVSS V3 Medium 4
Description
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
Overview
- CVE ID
- CVE-2017-11671
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2017-07-26T21:29:00
- Last Modified Date
- 2018-04-12T01:29:01
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:gnu:gcc:4.6:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:4.7:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:4.8:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:4.9:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:5.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:5.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:5.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:5.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:5.4:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:6.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:6.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:6.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:gnu:gcc:6.3:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 2.1
- Severity
- LOW
- Exploitability Score
- 3.9
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 4
- Base Severity
- MEDIUM
- Exploitability Score
- 2.5
- Impact Score
- 1.4
References
| Reference URL | Reference Tags |
|---|---|
| https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html | Mailing List |
| https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180 | Issue Tracking Vendor Advisory |
| http://openwall.com/lists/oss-security/2017/07/27/2 | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/100018 | Third Party Advisory VDB Entry |
| https://access.redhat.com/errata/RHSA-2018:0849 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2017-11671 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11671 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 18:45:46 | Added to TrackCVE | |||
| 2022-12-02 19:07:36 | 2017-07-26T21:29Z | 2017-07-26T21:29:00 | CVE Published Date | updated |
| 2022-12-02 19:07:36 | 2018-04-12T01:29:01 | CVE Modified Date | updated | |
| 2022-12-02 19:07:36 | Modified | Vulnerability Status | updated |