CVE-2011-4574

Name of the Vulnerable Software and Affected Versions PolarSSL versions prior to v1.1

Description The issue concerns the use of the HAVEGE random number generation algorithm, which relies on timing information from the processor's high resolution timer, specifically the RDTSC instruction. This instruction can be virtualized, and some virtual machine hosts may disable it, resulting in predictable or zero returns.

Recommendations For PolarSSL versions prior to v1.1, consider updating to version v1.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of the HAVEGE random number generation algorithm until a patch is available. Restrict access to virtualized environments where the RDTSC instruction may be disabled to minimize the risk of exploitation.