CVE-2025-0577
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
2.39-28.fc40 <= 2.39-33.fc40 | affected | ||
2.40-12.fc41 <= 2.40-17.fc41 | affected |
Weaknesses
- CWE-331: Insufficient Entropy
Workarounds
Red Hat Product Security does not have any mitigation recommendations at this time.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/security/cve/CVE-2025-0577
- https://bugzilla.redhat.com/show_bug.cgi?id=2338871
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.