4.8
CVE-2025-0577
- EPSS 0.01%
- Veröffentlicht 18.02.2026 20:25:34
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
Glibc: vdso getrandom acceleration may return predictable randomness
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://sourceware.org/git/?p=glibc.git
≫
Paket
glibc
Default Statusunaffected
Version <=
2.39-33.fc40
Version
2.39-28.fc40
Status
affected
Version <=
2.40-17.fc41
Version
2.40-12.fc41
Status
affected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 10
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 6
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 7
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 9
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.017 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| patrick@puiterwijk.org | 4.8 | 2.2 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-331 Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.