Description of the problem: The upstream kernel mailing list has identified a bug in handling entropy for the kernel random number generator. When writing entropy to a partially filled pool, some of the previous entropy will be overwritten. This would cause the kernel to overestimate available entropy in the pool. This issue would primarily affect applications using /dev/random since it would depend on true entropy provided by the kernel. Additional resources: https://lkml.org/lkml/2013/4/24/5
Statement: This issue affects Red Hat Enterprise Linux 5, 6, 7 and MRG-2 kernels. Future updates may address this issue in the respective Red Hat Enterprise Linux releases. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Closing this bug up, Mitre believe that this issue is not a weakness at this point in time as the data provided does not show an accurate ability to provide weakness to processes or kernel utilities that would use this data.