Improper Management of Consumed Data in Linux Kernel's get_prng_bytes Function

Improper Management of Consumed Data in Linux Kernel's get_prng_bytes Function

CVE-2013-4345 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.