
Bug 286091 (CVE-2009-3238)

Summary: Kernel: get_random_int() produces predictable random numbers (CVE-2009-3238)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hardened-kernel+disabled, jaak, kernel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
Whiteboard: [linux <2.6.27.25] [linux >=2.6.28 <2.6.29.5]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-23 14:25:25 UTC
CVE-2009-3238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3238):
  The get_random_int function in drivers/char/random.c in the Linux
  kernel before 2.6.30 produces insufficiently random numbers, which
  allows attackers to predict the return value, and possibly defeat
  protection mechanisms based on randomization, via vectors that
  leverage the function's tendency to "return the same value over and
  over again for long stretches of time."
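
A version check against the affected ranges in this bug's Whiteboard field, as an added example (not part of the bug report or of any Gentoo tooling). The function names are hypothetical, and only the numeric part of the release string is compared, so a distribution kernel carrying a backported fix can still report as inside a range.

```shell
#!/bin/sh
# Added example; the ranges below are copied from this bug's Whiteboard field.

# Print the leading dotted-numeric part of a kernel release string,
# e.g. "2.6.29.4-gentoo-r1" -> "2.6.29.4" (empty output if none).
kver_numeric() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Succeed when version $1 is strictly lower than version $2.
# Missing components count as 0, so "2.6.28" equals "2.6.28.0".
kver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Return 0 if the release is inside a Whiteboard range, 1 if outside,
# 2 if no version number could be parsed from it.
#   [linux <2.6.27.25]   [linux >=2.6.28 <2.6.29.5]
cve_2009_3238_in_range() {
    v=$(kver_numeric "$1")
    [ -n "$v" ] || return 2
    if kver_lt "$v" 2.6.27.25; then return 0; fi
    if ! kver_lt "$v" 2.6.28 && kver_lt "$v" 2.6.29.5; then return 0; fi
    return 1
}

# Report on the running kernel (or on a release string given as $1).
release=${1:-$(uname -r)}
if cve_2009_3238_in_range "$release"; then
    echo "$release: inside the affected ranges listed on the Whiteboard"
else
    echo "$release: not inside the listed ranges (or version unparseable)"
fi
```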