Vulnerability Details : CVE-2009-3238
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
Products affected by CVE-2009-3238
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
Threat overview for CVE-2009-3238
- Top open port discovered on systems with this issue: 52869
- IPs affected by CVE-2009-3238: 227,037
- Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-3238
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 42 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-3238
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N | 10.0 | 6.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | 2024-02-15 |
CWE ids for CVE-2009-3238
- Assigned by: nvd@nist.gov (Primary)
- The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3238
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
  404: File not found | Broken Link; Exploit; Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=499785
  Bug Access Denied | Issue Tracking; Permissions Required
- http://www.redhat.com/support/errata/RHSA-2009-1438.html
  Support | Broken Link
- http://secunia.com/advisories/37105
  About Secunia Research | Flexera | Broken Link
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
  Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 | Mailing List
- http://secunia.com/advisories/37351
  About Secunia Research | Flexera | Broken Link
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
  404 Not Found | Broken Link
- http://patchwork.kernel.org/patch/21766/
  404: File not found - Patchwork | Broken Link; Patch
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
  Document Display | HPE Support Center | Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:054) - openSUSE Security Announce - openSUSE Mailing Lists | Mailing List
- http://www.ubuntu.com/usn/USN-852-1
  USN-852-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu | Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=519692
  Bug Access Denied | Issue Tracking; Permissions Required
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02