CVE-2009-3238 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-3238 PUBLISHED CVSS 5.5 MEDIUM

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

EPSS 0.24% · 47.2th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.24%

47.2th percentile

Affected Products

Vendor	Product	Versions
canonical	ubuntu_linux	8.04, 6.06, 8.10
suse	linux_enterprise_desktop	10
linux	linux_kernel	0
opensuse	opensuse	11.0
suse	linux_enterprise_server	10
n/a	n/a	n/a

Timeline

Sep 18, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us url
USN-852-1 vendor-advisory
http://patchwork.kernel.org/patch/21766/ url
https://bugzilla.redhat.com/show_bug.cgi?id=519692 url
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 url
37351 third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=499785 url
SUSE-SA:2010:012 vendor-advisory
oval:org.mitre.oval:def:11168 vdb
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 url
RHSA-2009:1438 vendor-advisory
SUSE-SA:2009:054 vendor-advisory
37105 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-3238 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 url
http://patchwork.kernel.org/patch/21766 url

Open in Interactive Console →