Glibc: vdso getrandom acceleration may return predictable randomness_CVE-2025-0577

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

Basic Information

ID CVE-2025-0577

Source fedora

Published Feb 18, 2026 at 20:25

Affected Product

Version 2.40-12.fc41

Affected Versions 2.39-28.fc40
2.40-12.fc41

CWE Classification

CWE-331

References

{
    "lastseen": "",
    "description": "An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.",
    "published": "2026-02-18T20:25:34.864Z",
    "modified": "2026-02-18T20:25:34.864Z",
    "type": "cve",
    "title": "Glibc: vdso getrandom acceleration may return predictable randomness",
    "source": "fedora",
    "references": "https://access.redhat.com/security/cve/CVE-2025-0577\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2338871",
    "id": "CVE-2025-0577",
    "bulletinFamily": "",
    "cwe": [
        "CWE-331"
    ],
    "cvelist": null,
    "sourceData": "  2.39-28.fc40\n  2.40-12.fc41",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "",
    "version": "2.40-12.fc41",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}