CVE-2009-3238

🗓️ 18 Sep 2009 10:30:00Reported by ubuntu.comType

The get_random_int function in Linux kernel before 2.6.30 produces insufficiently random numbers, allowing attackers to predict return values and defeat protection mechanisms

Reporter	Title	Published	Views	Family All 59
Tenable Nessus	CentOS 5 : kernel (CESA-2009:1106)	6 Jan 201000:00	–	nessus
Tenable Nessus	CentOS 4 : kernel (CESA-2009:1438)	6 Jan 201000:00	–	nessus
Tenable Nessus	Debian DSA-1927-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak	24 Feb 201000:00	–	nessus
Tenable Nessus	Debian DSA-1928-1 : linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak	24 Feb 201000:00	–	nessus
Tenable Nessus	Debian DSA-1929-1 : linux-2.6 - privilege escalation/denial of service/sensitive memory leak	24 Feb 201000:00	–	nessus
Tenable Nessus	Oracle Linux 5 : kernel (ELSA-2009-1106)	12 Jul 201300:00	–	nessus
Tenable Nessus	Oracle Linux 4 : kernel (ELSA-2009-1438)	12 Jul 201300:00	–	nessus
Tenable Nessus	RHEL 5 : kernel (RHSA-2009:1106)	17 Jun 200900:00	–	nessus
Tenable Nessus	RHEL 4 : kernel (RHSA-2009:1438)	16 Sep 200900:00	–	nessus
Tenable Nessus	openSUSE Security Update : kernel (kernel-1908)	16 Feb 201000:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	8.04	any	linux	2.6.24-25.63	linux_2.6.24-25.63_any.deb
Ubuntu	8.10	any	linux	2.6.27-15.43	linux_2.6.27-15.43_any.deb
Ubuntu	9.04	any	linux	2.6.28-16.55	linux_2.6.28-16.55_any.deb
Ubuntu	6.06	any	linux-source-2.6.15	2.6.15-55.80	linux-source-2.6.15_2.6.15-55.80_any.deb

Source	Link
patchwork	www.patchwork.kernel.org/patch/21766/
ubuntu	www.ubuntu.com/security/notices/USN-852-1
cve	www.cve.org/CVERecord

25 Aug 2025 19:49Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.15.5

CVSS 27.8

EPSS0.00241