CVE-2025-0577

Summary

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

Affected Software

VendorProductVersion RangeStatus
2.39-28.fc40 <= 2.39-33.fc40affected
2.40-12.fc41 <= 2.40-17.fc41affected

Weaknesses

  • CWE-331: Insufficient Entropy

Workarounds

Red Hat Product Security does not have any mitigation recommendations at this time.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References