Wind River Support Network


LIN9-4793 : Security Advisory - gcc - CVE-2017-11671

Created: Jul 27, 2017    Updated: May 29, 2018
Resolved Date: Sep 13, 2017
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Toolchain


Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported.


Earlier this year, a GCC bug was fixed which could lead to intrinsics
for RDRAND and (more likely) RDSEED to produce non-random results.
These instructions use the carry flag to report success or failure,
and GCC used to generate instruction sequences which clobbered the
flag before applications had a change to read it:


Live chat