Lucene search

[email protected]CVE-2009-3238

HistorySep 18, 2009 - 10:30 a.m.

CVE-2009-3238

2009-09-1810:30:01

CWE-338

[email protected]

web.nvd.nist.gov

linux kernel

cve-2009-3238

random numbers

security vulnerability

prediction

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function’s tendency to “return the same value over and over again for long stretches of time.”

Affected configurations

NVD

Node

linuxlinux_kernelRange<2.6.30

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

Node

opensuseopensuseMatch11.0

suselinux_enterprise_desktopMatch10sp2

suselinux_enterprise_serverMatch10sp2

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.30

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.30

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02

lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

patchwork.kernel.org/patch/21766/

secunia.com/advisories/37105

secunia.com/advisories/37351

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30

www.redhat.com/support/errata/RHSA-2009-1438.html

www.ubuntu.com/usn/USN-852-1

bugzilla.redhat.com/show_bug.cgi?id=499785

bugzilla.redhat.com/show_bug.cgi?id=519692

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us

Social References

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

Related for CVE-2009-3238

seebug1 ubuntucve1 nvd1 cvelist1 prion1 nessus15 centos2 redhat3 suse3 oraclelinux2 osv3 openvas12 securityvulns2 debian3 ubuntu1