CVE-2009-3238

MEDIUMCVSS 5.5

5.5

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

🔗 References (26)

cve@mitrehttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
cve@mitrehttp://patchwork.kernel.org/patch/21766/
cve@mitrehttp://secunia.com/advisories/37105
cve@mitrehttp://secunia.com/advisories/37351
cve@mitrehttp://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
cve@mitrehttp://www.redhat.com/support/errata/RHSA-2009-1438.html
cve@mitrehttp://www.ubuntu.com/usn/USN-852-1
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=499785
cve@mitrehttps://bugzilla.redhat.com/show_bug.cgi?id=519692
cve@mitrehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
cve@mitrehttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

Is Your Infrastructure Affected by CVE-2009-3238?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-3238

📅 Published

🔄 Last Modified

🔗 References (26)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-3238?