The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the functions tendency to return the same value over and over again for long stretches of time.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG’s algorithm is not cryptographically strong.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 2.6.30 (excluding) |
| MRG for RHEL-5 | RedHat | kernel-rt-0:2.6.24.7-117.el5rt | * |
| Red Hat Enterprise Linux 4 | RedHat | kernel-0:2.6.9-89.0.11.EL | * |
| Red Hat Enterprise Linux 5 | RedHat | kernel-0:2.6.18-128.1.14.el5 | * |
| Linux | Ubuntu | hardy | * |
| Linux | Ubuntu | intrepid | * |
| Linux | Ubuntu | jaunty | * |
| Linux | Ubuntu | upstream | * |
| Linux-source-2.6.15 | Ubuntu | dapper | * |
| Linux-source-2.6.15 | Ubuntu | upstream | * |
When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.