Candidate: CVE-2009-3238
PublicDate: 2009-09-18 10:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238
 http://patchwork.kernel.org/patch/21766/
 https://ubuntu.com/security/notices/USN-852-1
Description:
 The get_random_int function in drivers/char/random.c in the Linux kernel
 before 2.6.30 produces insufficiently random numbers, which allows
 attackers to predict the return value, and possibly defeat protection
 mechanisms based on randomization, via vectors that leverage the function's
 tendency to "return the same value over and over again for long stretches
 of time."
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.30~rc5)
dapper_linux-source-2.6.15: released (2.6.15-55.80)
hardy_linux-source-2.6.15: DNE
intrepid_linux-source-2.6.15: DNE
jaunty_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
 upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
upstream_linux: released (2.6.30~rc5)
dapper_linux: DNE
hardy_linux: released (2.6.24-25.63)
intrepid_linux: released (2.6.27-15.43)
jaunty_linux: released (2.6.28-16.55)
devel_linux: not-affected (2.6.31.10.21)