Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 488152 (CVE-2013-4345) - Kernel: get_prng_bytes off-by-one error (CVE-2013-4345)
Summary: Kernel: get_prng_bytes off-by-one error (CVE-2013-4345)
Status: RESOLVED FIXED
Alias: CVE-2013-4345
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL:
Whiteboard: [ <3.11.4 ]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-16 01:34 UTC by GLSAMaker/CVETool Bot
Modified: 2022-03-25 15:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2013-10-16 01:34:38 UTC
CVE-2013-4345 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4345):
  Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in
  the Linux kernel through 3.11.4 makes it easier for context-dependent
  attackers to defeat cryptographic protection mechanisms via multiple
  requests for small amounts of data, leading to improper management of the
  state of the consumed data.
Comment 1 John Helmert III gentoo-dev Security 2022-03-25 15:41:14 UTC
Fix in 3.12.2 onwards as 714b33d15130cbb5ab426456d4e3de842d6c5b8a