Description
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
References (13)
Core References
Third Party Advisory, x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
Third Party Advisory, vendor-advisory, x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-852-1
Broken Link, Patch, x_refsource_confirm
http://patchwork.kernel.org/patch/21766/
Issue Tracking, Permissions Required, x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=519692
Broken Link, Exploit, Vendor Advisory, x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
Broken Link, third-party-advisory, x_refsource_secunia
http://secunia.com/advisories/37351
Issue Tracking, Permissions Required, x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=499785
Mailing List, vendor-advisory, x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Broken Link, vdb-entry, signature, x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
Broken Link, vendor-advisory, x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1438.html
Broken Link, x_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
Mailing List, vendor-advisory, x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
Broken Link, third-party-advisory, x_refsource_secunia
http://secunia.com/advisories/37105
Scores
CVSS v3: 5.5
EPSS: 0.0163
EPSS Percentile: 73.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-338
Status: published
Products (8)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
linux/linux_kernel < 2.6.30
opensuse/opensuse 11.0
suse/linux_enterprise_desktop 10 sp2
suse/linux_enterprise_server 10 sp2
Published: Sep 18, 2009
Tracked Since: Feb 18, 2026