CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-3238

MEDIUM
5.5
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile8.57th
Published2009年9月18日
Last Modified2026年4月23日

Vulnerability Description

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Affected Platforms (CPE)

💻
Linux

Linux Kernel

< 2.6.30
💻
Canonical

Ubuntu Linux

= 6.06
💻
Canonical

Ubuntu Linux

= 8.04
💻
Canonical

Ubuntu Linux

= 8.10
💻
Canonical

Ubuntu Linux

= 9.04
💻
Opensuse

Opensuse

= 11.0
💻
Suse

Linux Enterprise Desktop

= 10
💻
Suse

Linux Enterprise Server

= 10

References & Advisories

🔗 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
🔗 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
🔗 http://patchwork.kernel.org/patch/21766/
🔗 http://secunia.com/advisories/37105
🔗 http://secunia.com/advisories/37351
🔗 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
🔗 http://www.redhat.com/support/errata/RHSA-2009-1438.html

相关漏洞威胁

CVE-2000-074710.0

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and k...

CVE-2002-157210.0

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown imp...

CVE-2000-050610.0

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting th...

CVE-2002-157310.0

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and...