CVE-2009-3238

MEDIUM

5.5

CVSS Severity Score

EPSS Score0.1530%

EPSS Percentile8.57th

PublishedSep 18, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Affected Platforms (CPE)

💻

Linux

Linux Kernel

< 2.6.30

💻

Canonical

Ubuntu Linux

= 6.06

💻

Canonical

Ubuntu Linux

= 8.04

💻

Canonical

Ubuntu Linux

= 8.10

💻

Canonical

Ubuntu Linux

= 9.04

💻

Opensuse

= 11.0

💻

Suse

Linux Enterprise Desktop

= 10

💻

Suse

Linux Enterprise Server

= 10

References & Advisories

🔗 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02

🔗 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

🔗 http://patchwork.kernel.org/patch/21766/

🔗 http://secunia.com/advisories/37105

🔗 http://secunia.com/advisories/37351

🔗 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30

🔗 http://www.redhat.com/support/errata/RHSA-2009-1438.html

Vulnerability Description

Affected Platforms (CPE)

Linux Kernel

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

Opensuse

Linux Enterprise Desktop

Linux Enterprise Server

References & Advisories

Related Vulnerabilities