CVE-2026-13199

Summary

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.

Affected Software

VendorProductVersion RangeStatus
Raspberry PiRaspberry Pi 5 and Compute Module 50 < 28.22-1affected

Weaknesses

  • CWE-331: CWE-331: Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References