Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 488152 (CVE-2013-4345)

Summary: Kernel: get_prng_bytes off-by-one error (CVE-2013-4345)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [ <3.11.4 ]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2013-10-16 01:34:38 UTC
CVE-2013-4345 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4345):
  Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in
  the Linux kernel through 3.11.4 makes it easier for context-dependent
  attackers to defeat cryptographic protection mechanisms via multiple
  requests for small amounts of data, leading to improper management of the
  state of the consumed data.
Comment 1 John Helmert III gentoo-dev Security 2022-03-25 15:41:14 UTC
Fix in 3.12.2 onwards as 714b33d15130cbb5ab426456d4e3de842d6c5b8a