How severe is CVE-2009-3238?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2009-3238?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2009-3238 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Related Vulnerabilities

CVE-2009-3278

MEDIUM

CVSS:5.5(Medium)

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to deter...

CWE-3382009

CVE-2024-52322

MEDIUM

CVSS:5.5(Medium)

WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically WebService::Xero ...

CWE-3382024

CVE-2024-57835

MEDIUM

CVSS:5.5(Medium)

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not crypt...

CWE-3382024

CVE-2024-57868

MEDIUM

CVSS:5.5(Medium)

Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Web::API uses the Data::Ra...

CWE-3382024

CVE-2024-58036

MEDIUM

CVSS:5.5(Medium)

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API...

CWE-3382024

CVE-2002-20002

MEDIUM

CVSS:5.4(Medium)

The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.

CWE-3382002