The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
patchwork.kernel.org/patch/21766/
secunia.com/advisories/37105
secunia.com/advisories/37351
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
www.redhat.com/support/errata/RHSA-2009-1438.html
www.ubuntu.com/usn/USN-852-1
bugzilla.redhat.com/show_bug.cgi?id=499785
bugzilla.redhat.com/show_bug.cgi?id=519692
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us