CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
43.5%
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the functionβs tendency to βreturn the same value over and over again for long stretches of time.β
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* |
canonical | ubuntu_linux | 8.10 | cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 9.04 | cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* |
opensuse | opensuse | 11.0 | cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* |
suse | linux_enterprise_desktop | 10 | cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:* |
suse | linux_enterprise_server | 10 | cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
patchwork.kernel.org/patch/21766/
secunia.com/advisories/37105
secunia.com/advisories/37351
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
www.redhat.com/support/errata/RHSA-2009-1438.html
www.ubuntu.com/usn/USN-852-1
bugzilla.redhat.com/show_bug.cgi?id=499785
bugzilla.redhat.com/show_bug.cgi?id=519692
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
43.5%