7.8

CVE-2009-3238

Exploit

EPSS 0.24%
Published 18.09.2009 10:30:01
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Affected products Warnungen 0 Metrics 3 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 2.6.30

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

Opensuse ≫ Opensuse Version11.0

Suse ≫ Linux Enterprise Desktop Version10 Updatesp2

Suse ≫ Linux Enterprise Server Version10 Updatesp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.446

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:C/I:N/A:N

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

Mailing List

http://secunia.com/advisories/37351

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Mailing List

http://www.redhat.com/support/errata/RHSA-2009-1438.html

Broken Link

http://secunia.com/advisories/37105

Broken Link

http://www.ubuntu.com/usn/USN-852-1

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02

Broken Link

http://patchwork.kernel.org/patch/21766/

Patch

Broken Link

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30

Vendor Advisory

Exploit

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=499785

Issue Tracking

Permissions Required

https://bugzilla.redhat.com/show_bug.cgi?id=519692

Issue Tracking

Permissions Required

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168

Broken Link

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-3238

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3238

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3238

EUVD