PT-2017-12164 · Gnu+4 · Gcc+4
Todd Eisenberger · Published 2017-07-26 · Updated 2022-12-08 · CVE-2017-11671
CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GNU Compiler Collection (GCC) versions 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4
Description
The issue arises in the `ix86_expand_builtin` function in i386.c, which under certain circumstances generates instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read. As a result, failures of these instructions could go unreported, leading to less randomness in random number generation.
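The following is an added example, not code from GCC or from this advisory: a defensive pattern for code that may be built with an affected compiler, reading the flag inside the same inline-asm statement as RDRAND and propagating failure to the caller. The names `fill_random`, `rdrand_step_asm`, `sim_step`, `run_simulated` and `RDRAND_RETRIES` are hypothetical, and `sim_step` is a constructed stand-in for the hardware so the failure path can be exercised on any machine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define RDRAND_RETRIES 10   /* assumption: retry bound picked for this example */
typedef int (*rand_step_fn)(uint64_t *out);   /* 1 = value stored, 0 = draw failed */

#if defined(__x86_64__)
/* RDRAND and SETC share one asm statement, so the compiler cannot place a
   flag-clobbering instruction between the draw and the read of CF. */
int rdrand_step_asm(uint64_t *out) {
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

/* Fills buf with n words. Returns 0 on success; returns -1 and wipes buf if
   any draw still reports failure after RDRAND_RETRIES attempts. */
int fill_random(uint64_t *buf, size_t n, rand_step_fn step) {
    for (size_t i = 0; i < n; i++) {
        int ok = 0;
        for (int tries = 0; tries < RDRAND_RETRIES && !ok; tries++)
            ok = step(&buf[i]);
        if (!ok) {
            for (size_t j = 0; j < n; j++) buf[j] = 0;
            return -1;
        }
    }
    return 0;
}

/* Constructed stand-in for the hardware: the next sim_failures draws fail. */
static int sim_failures;
int sim_step(uint64_t *out) {
    if (sim_failures > 0) { sim_failures--; *out = 0; return 0; }
    *out = 0x0123456789abcdefULL;   /* constructed sample value */
    return 1;
}

int run_simulated(int failures, uint64_t *buf, size_t n) {
    sim_failures = failures;
    return fill_random(buf, n, sim_step);
}

int main(void) {
    uint64_t buf[2];
    printf("9 failed draws  -> %d\n", run_simulated(9, buf, 2));
    printf("10 failed draws -> %d\n", run_simulated(10, buf, 2));
    return 0;
}
```

On a CPU that reports RDRAND support, pass `rdrand_step_asm` as the `step` argument in place of `sim_step`.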
Recommendations
For GNU Compiler Collection (GCC) version 4.6, update to a version after 4.6.
For GNU Compiler Collection (GCC) version 4.7, update to a version after 4.7.
For GNU Compiler Collection (GCC) version 4.8, update to a version after 4.8.
For GNU Compiler Collection (GCC) version 4.9, update to a version after 4.9.
For GNU Compiler Collection (GCC) version 5 before 5.5, update to version 5.5 or later.
For GNU Compiler Collection (GCC) version 6 before 6.4, update to version 6.4 or later.
Affected Products
CentOS
GCC
Red Hat
SUSE
Ubuntu