CVE-2009-3238 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3238 Interim 1 3 2021-06-09T08:51:15Z current 2021-05-30T12:48:25Z 2021-06-09T08:51:15Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3238 The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html E-Mail link for SUSE-SA:2009:054 https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00006.html E-Mail link for SUSE-SA:2009:055 https://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html E-Mail link for SUSE-SA:2010:012 https://www.suse.com/support/security/rating/ SUSE Security Ratings The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." CVE-2009-3238 important 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N