CVE-2013-4345

Description

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 1.055

Associated Vulnerability

Vulnerability | OS Platform
Linux hardware enablement kernel from Quantal (USN-2068-1) linux-image-3.5.0-45-generic_3.5.0-45.68~precise1_i386.deb | Linux
Linux hardware enablement kernel from Quantal (USN-2068-1) linux-image-3.5.0-45-generic_3.5.0-45.68~precise1_amd64.deb | Linux
Linux hardware enablement kernel from Saucy (USN-2070-1) linux-image-3.11.0-15-generic_3.11.0-15.25~precise1_i386.deb | Linux
Linux hardware enablement kernel from Saucy (USN-2070-1) linux-image-3.11.0-15-generic_3.11.0-15.25~precise1_amd64.deb | Linux
Linux kernel (USN-2109-1) linux-image-3.2.0-59-generic_3.2.0-59.90_i386.deb | Linux
Linux kernel (USN-2109-1) linux-image-3.2.0-59-generic_3.2.0-59.90_amd64.deb | Linux
Linux kernel (USN-2109-1) linux-image-3.2.0-59-virtual_3.2.0-59.90_i386.deb | Linux
Linux kernel (USN-2109-1) linux-image-3.2.0-59-virtual_3.2.0-59.90_amd64.deb | Linux
Linux kernel (USN-2109-1) linux-image-3.2.0-59-generic-pae_3.2.0-59.90_i386.deb | Linux
Linux hardware enablement kernel from Raring (USN-2158-1) linux-image-3.8.0-38-generic_3.8.0-38.56~precise1_i386.deb | Linux
Linux hardware enablement kernel from Raring (USN-2158-1) linux-image-3.8.0-38-generic_3.8.0-38.56~precise1_amd64.deb | Linux
Dtrace-modules-3.8.13-16.2.2.el6uek update (ELSA-2013-2583) dtrace-modules-3.8.13-16.2.2.el6uek-0.4.1-3.el6.x86_64.rpm | Linux
Dtrace-modules-3.8.13-16.2.2.el6uek-headers update (ELSA-2013-2583) dtrace-modules-3.8.13-16.2.2.el6uek-headers-0.4.1-3.el6.x86_64.rpm | Linux
Dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers update (ELSA-2013-2583) dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers-0.4.1-3.el6.x86_64.rpm | Linux
Dtrace-modules-3.8.13-26.el6uek update (ELSA-2014-3002) dtrace-modules-3.8.13-26.el6uek-0.4.2-3.el6.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234