Name | CVE-2007-4311 |
Description | The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-1503-1, DSA-1503-2 |
The information below is based on the following data on fixed versions.
- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)