CVE-2009-3238
Published: Sep 18, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| USN-852-1 | vendor-advisory, x_refsource_UBUNTU |
| http://patchwork.kernel.org/patch/21766/ | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=519692 | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 | x_refsource_CONFIRM |
| 37351 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=499785 | x_refsource_CONFIRM |
| SUSE-SA:2010:012 | vendor-advisory, x_refsource_SUSE |
| oval:org.mitre.oval:def:11168 | vdb-entry, signature, x_refsource_OVAL |
| RHSA-2009:1438 | vendor-advisory, x_refsource_REDHAT |
| SUSE-SA:2009:054 | vendor-advisory, x_refsource_SUSE |
| 37105 | third-party-advisory, x_refsource_SECUNIA |