ByteOS Network

NVD Vulnerability Details :

CVE-2007-4311

Modified

Source-cve@mitre.org

Published At-13 Aug, 2007 | 21:17

Updated At-23 Apr, 2026 | 00:35

The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Linux Kernel Organization, Inc

>>linux_kernel>>Versions up to 2.4.34(inclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-310	Primary	nvd@nist.gov

CWE ID: CWE-310

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=bd67d4c7b11cc33ebdc346bc8926d255b354cd64	cve@mitre.org	N/A
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=faa3369ac2ea7feb0dd266b6a5e8d6ab153cf925	cve@mitre.org	N/A
http://secunia.com/advisories/29058	cve@mitre.org	Vendor Advisory
http://www.debian.org/security/2008/dsa-1503	cve@mitre.org	N/A
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.6	cve@mitre.org	N/A
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35	cve@mitre.org	N/A
http://www.securityfocus.com/bid/25029	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2007/2690	cve@mitre.org	Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=bd67d4c7b11cc33ebdc346bc8926d255b354cd64	af854a3a-2127-422b-91ae-364da2661108	N/A
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=faa3369ac2ea7feb0dd266b6a5e8d6ab153cf925	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/29058	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.debian.org/security/2008/dsa-1503	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.6	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/25029	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2007/2690	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory