
Description

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random families of functions may return predictable randomness if they are called again after a fork that happens concurrently with a call to any of these functions.

PUBLISHED Reserved 2025-01-19 | Published 2026-02-18 | Updated 2026-02-18 | Assigner fedora




MEDIUM: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Problem types

Insufficient Entropy

Product status

Default status
unaffected

2.39-28.fc40 (semver)
affected

2.40-12.fc41 (semver)
affected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Timeline

2025-01-19: Reported to Red Hat.
2025-01-23: Made public.

References

access.redhat.com/security/cve/CVE-2025-0577 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2338871 (RHBZ#2338871) issue-tracking

cve.org (CVE-2025-0577)

nvd.nist.gov (CVE-2025-0577)
