CVE-2009-3238

MEDIUM

Linux kernel <2.6.30 - Info Disclosure

Title source: llm

Description

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Scores

CVSS v3: 5.5
EPSS: 0.0024
EPSS Percentile: 47.3%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-338
Status: published
Products (8):
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
linux/linux_kernel < 2.6.30
opensuse/opensuse 11.0
suse/linux_enterprise_desktop 10 sp2
suse/linux_enterprise_server 10 sp2
Published: Sep 18, 2009
Tracked Since: Feb 18, 2026