CVE-2013-4345
MEDIUM severity · CVSS 5.8 · CWE-189
5.8CVSS MEDIUM
Summary
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impactNone
Exploit probability (EPSS)3%
AV:N/AC:M/Au:N/C:P/I:P/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2 ↗
Additional information
- NVD record
- http://marc.info/?l=linux-crypto-vger&m=137942122902845&w=2Patch
- http://rhn.redhat.com/errata/RHSA-2013-1449.html
- http://rhn.redhat.com/errata/RHSA-2013-1490.html
- http://rhn.redhat.com/errata/RHSA-2013-1645.html
- http://www.securityfocus.com/bid/62740
- http://www.ubuntu.com/usn/USN-2064-1
- http://www.ubuntu.com/usn/USN-2065-1
- http://www.ubuntu.com/usn/USN-2068-1