Unrated severityNVD Advisory· Published Nov 30, 2007· Updated Apr 23, 2026

CVE-2007-6150

Description

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.

Affected products

FreeBSD/FreeBSD5 versions
cpe:2.3:o:freebsd:freebsd:5.5:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:freebsd:freebsd:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:7.0:beta_4:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.freebsd.org/advisories/FreeBSD-SA-07:09.random.ascnvdPatch
secunia.com/advisories/27879nvdVendor Advisory
osvdb.org/39600nvd
www.securityfocus.com/bid/26642nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/4053nvd
exchange.xforce.ibmcloud.com/vulnerabilities/38764nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000