Medium severity5.5NVD Advisory· Published Sep 18, 2009· Updated Apr 23, 2026
CVE-2009-3238
CVE-2009-3238
Description
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
Affected products
8cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- patchwork.kernel.org/patch/21766/nvdBroken LinkPatch
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30nvdBroken LinkExploitVendor Advisory
- www.ubuntu.com/usn/USN-852-1nvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlnvdMailing List
- secunia.com/advisories/37105nvdBroken Link
- secunia.com/advisories/37351nvdBroken Link
- www.redhat.com/support/errata/RHSA-2009-1438.htmlnvdBroken Link
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPermissions Required
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPermissions Required
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168nvdBroken Link
News mentions
0No linked articles in our index yet.