Stephan Mueller

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 3.11.4 **Description** The issue is related to an off-by-one error in the get prng bytes function, which affects the management of the state of consumed data. This makes it easier for attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data. The error leads to improper management of the state of the consumed data, potentially resulting in the use of less entropy. **Recommendations** For Linux kernel versions through 3.11.4, update to a version that contains a fix for this issue to prevent improper management of the state of consumed data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.3.7 **Description** The issue allows local users to write data to an Ethernet adapter via an ioctl call due to the rio ioctl function in drivers/net/ethernet/dlink/dl2k.c not restricting access to the SIOCSMIIREG command. **Recommendations** For versions prior to 3.3.7, update to version 3.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIOCSMIIREG command to minimize the risk of exploitation.