CVE DATABASE / CVE-2009-3238
CVE-2009-3238
CVSS 5.5 · MEDIUM
Summary
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
CVSS 3.1 breakdown
| Base score | 5.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Linux linux kernelCanonical ubuntu linuxOpensuse opensuseSuse linux enterprise desktopSuse linux enterprise server
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
- http://patchwork.kernel.org/patch/21766/
- http://secunia.com/advisories/37105
- http://secunia.com/advisories/37351
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
- http://www.redhat.com/support/errata/RHSA-2009-1438.html
- http://www.ubuntu.com/usn/USN-852-1
- https://bugzilla.redhat.com/show_bug.cgi?id=499785
- https://bugzilla.redhat.com/show_bug.cgi?id=519692
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.