CVE-2009-3238

EUVD-2009-3221
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
< 2.6.30
canonicalubuntu_linux
6.06
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
opensuseopensuse
11.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
dapper
dne
hardy
Fixed 2.6.24-25.63
released
intrepid
Fixed 2.6.27-15.43
released
jaunty
Fixed 2.6.28-16.55
released
linux-source-2.6.15
dapper
Fixed 2.6.15-55.80
released
hardy
dne
intrepid
dne
jaunty
dne
Common Weakness Enumeration
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://patchwork.kernel.org/patch/21766/
http://secunia.com/advisories/37105
http://secunia.com/advisories/37351
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
http://www.redhat.com/support/errata/RHSA-2009-1438.html
http://www.ubuntu.com/usn/USN-852-1
https://bugzilla.redhat.com/show_bug.cgi?id=499785
https://bugzilla.redhat.com/show_bug.cgi?id=519692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://patchwork.kernel.org/patch/21766/
http://secunia.com/advisories/37105
http://secunia.com/advisories/37351
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
http://www.redhat.com/support/errata/RHSA-2009-1438.html
http://www.ubuntu.com/usn/USN-852-1
https://bugzilla.redhat.com/show_bug.cgi?id=499785
https://bugzilla.redhat.com/show_bug.cgi?id=519692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us