CVE-2009-3238
PUBLISHED
CVSS 5.5 MEDIUM
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
Risk Scores
- CVSS 3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
- EPSS Score: 0.24% (47.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| canonical | ubuntu_linux | 9.04, 6.06, 8.04 |
| suse | linux_enterprise_desktop | 10 |
| linux | linux_kernel | 0 |
| opensuse | opensuse | 11.0 |
| suse | linux_enterprise_server | 10 |
Exploit Intelligence
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us (circl)
- USN-852-1 (circl)
- http://patchwork.kernel.org/patch/21766/ (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=519692 (circl)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 (circl)
- 37351 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=499785 (circl)
- SUSE-SA:2010:012 (circl)
- oval:org.mitre.oval:def:11168 (circl)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 (circl)
…and 3 more exploits
Timeline
- Sep 18, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us url
- USN-852-1 vendor-advisory
- http://patchwork.kernel.org/patch/21766/ url
- https://bugzilla.redhat.com/show_bug.cgi?id=519692 url
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 url
- 37351 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=499785 url
- SUSE-SA:2010:012 vendor-advisory
- oval:org.mitre.oval:def:11168 vdb
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 url
- RHSA-2009:1438 vendor-advisory
- SUSE-SA:2009:054 vendor-advisory
- 37105 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-3238 advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 url
- http://patchwork.kernel.org/patch/21766 url