Medium severity5.5NVD Advisory· Published Sep 18, 2009· Updated Jun 16, 2026
CVE-2009-3238
CVE-2009-3238
Description
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
13- patchwork.kernel.org/patch/21766/nvdBroken LinkPatch
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30nvdBroken LinkExploitVendor Advisory
- www.ubuntu.com/usn/USN-852-1nvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- git.kernel.orgnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlnvdMailing List
- secunia.com/advisories/37105nvdBroken Link
- secunia.com/advisories/37351nvdBroken Link
- www.redhat.com/support/errata/RHSA-2009-1438.htmlnvdBroken Link
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPermissions Required
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPermissions Required
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168nvdBroken Link
News mentions
0No linked articles in our index yet.