CVE-2009-3238

5.5 MEDIUM
Published: September 18, 2009 Modified: April 23, 2026

Description

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

CVSS v3.x Details

Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

http://patchwork.kernel.org/patch/21766/
Source: cve@mitre.org
Broken Link Patch
http://secunia.com/advisories/37105
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/37351
Source: cve@mitre.org
Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
Source: cve@mitre.org
Broken Link Exploit Vendor Advisory
http://www.ubuntu.com/usn/USN-852-1
Source: cve@mitre.org
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=499785
Source: cve@mitre.org
Issue Tracking Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=519692
Source: cve@mitre.org
Issue Tracking Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://patchwork.kernel.org/patch/21766/
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://secunia.com/advisories/37105
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/37351
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-1438.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.ubuntu.com/usn/USN-852-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=499785
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=519692
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Permissions Required
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

26 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.5 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

canonical, opensuse, suse, linux