CVE-2017-11671

Name: CVE-2017-11671
Creator: NVD / NIST
Published: 2017-07-26T21:29:00.207+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.44%

Last modified Jun 17, 2026

CVE-2017-11671 is a vulnerability of currently unknown severity. Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.. EPSS estimates a 0.44% chance of exploitation in the next 30 days.

Description

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

Metrics

EPSS Probability

0.44%

35.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-338

Affected Software

Vendor	Product	Versions
Gnu	Gcc	4.6
Gnu	Gcc	4.7
Gnu	Gcc	4.8
Gnu	Gcc	4.9
Gnu	Gcc	5.0
Gnu	Gcc	5.1
Gnu	Gcc	5.2
Gnu	Gcc	5.3
Gnu	Gcc	5.4
Gnu	Gcc	6.0
Gnu	Gcc	6.1
Gnu	Gcc	6.2
Gnu	Gcc	6.3

References

http://openwall.com/lists/oss-security/2017/07/27/2Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/100018Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:0849
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180Issue Tracking, Vendor Advisory
https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.htmlMailing List
http://openwall.com/lists/oss-security/2017/07/27/2Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/100018Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:0849
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180Issue Tracking, Vendor Advisory
https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.htmlMailing List

Timeline

Published: Jul 26, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-11671?

How severe is CVE-2017-11671?

Severity scoring for CVE-2017-11671 is pending analysis. The EPSS model estimates a 0.44% probability of exploitation in the next 30 days.

How do I fix CVE-2017-11671?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-11671?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST

Vendor	Product	Versions
Gnu	Gcc	4.6
Gnu	Gcc	4.7
Gnu	Gcc	4.8
Gnu	Gcc	4.9
Gnu	Gcc	5.0
Gnu	Gcc	5.1
Gnu	Gcc	5.2
Gnu	Gcc	5.3
Gnu	Gcc	5.4
Gnu	Gcc	6.0
Gnu	Gcc	6.1
Gnu	Gcc	6.2
Gnu	Gcc	6.3

Vendor	Product	Versions
Gnu	Gcc	4.6
Gnu	Gcc	4.7
Gnu	Gcc	4.8
Gnu	Gcc	4.9
Gnu	Gcc	5.0
Gnu	Gcc	5.1
Gnu	Gcc	5.2
Gnu	Gcc	5.3
Gnu	Gcc	5.4
Gnu	Gcc	6.0
Gnu	Gcc	6.1
Gnu	Gcc	6.2
Gnu	Gcc	6.3

Vendor	Product	Versions
Gnu	Gcc	4.6
Gnu	Gcc	4.7
Gnu	Gcc	4.8
Gnu	Gcc	4.9
Gnu	Gcc	5.0
Gnu	Gcc	5.1
Gnu	Gcc	5.2
Gnu	Gcc	5.3
Gnu	Gcc	5.4
Gnu	Gcc	6.0
Gnu	Gcc	6.1
Gnu	Gcc	6.2
Gnu	Gcc	6.3