GHSA-fghc-hpwq-xm37MediumCVSS 4.0

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG...

Published
July 7, 2026
Last Modified
July 7, 2026

🔗 CVE IDs covered (1)

📋 Description

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.

🔗 References (4)