CVE: CVE-2009-3238

Export to Word

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00241
Percentile: 0.47338

CVSS Scoring

CVSS v3.1 Score: 5.5

Severity: MEDIUM

Mapped CWE(s)

CWE-338 : Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Affected Products

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*

← Back to Home