CVE-2007-4311
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
13/08/2007
Last modified:
09/04/2025
Description
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.4.34 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba%3Dcommit%3Bh%3Dbd67d4c7b11cc33ebdc346bc8926d255b354cd64
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba%3Dcommit%3Bh%3Dfaa3369ac2ea7feb0dd266b6a5e8d6ab153cf925
- http://secunia.com/advisories/29058
- http://www.debian.org/security/2008/dsa-1503
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.6
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35
- http://www.securityfocus.com/bid/25029
- http://www.vupen.com/english/advisories/2007/2690
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba%3Dcommit%3Bh%3Dbd67d4c7b11cc33ebdc346bc8926d255b354cd64
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba%3Dcommit%3Bh%3Dfaa3369ac2ea7feb0dd266b6a5e8d6ab153cf925
- http://secunia.com/advisories/29058
- http://www.debian.org/security/2008/dsa-1503
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.6
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35
- http://www.securityfocus.com/bid/25029
- http://www.vupen.com/english/advisories/2007/2690