PT-2009-5554 · Linux+1 · Linux Kernel+1

Published: 2009-06-16 · Updated: 2024-02-15 · CVE-2009-3238

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.30

Description

The get_random_int function produces insufficiently random numbers, which allows attackers to predict its return value. This could defeat protection mechanisms based on randomization. Attack vectors leverage the function's tendency to return the same value over and over again for long stretches of time.

Recommendations

For Linux kernel versions prior to 2.6.30, update to version 2.6.30 or later to resolve the issue. As a temporary workaround, consider restricting the use of the get_random_int function until a patch is available.

Related Identifiers

CVE-2009-3238
DSA-1927-1
DSA-1928-1
DSA-1929-1
RHSA-2009:1081
RHSA-2009:1106
RHSA-2009:1438
RHSA-2009_1106
RHSA-2009_1438

Affected Products

Linux Kernel
Red Hat