{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-0577","assignerOrgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","state":"PUBLISHED","assignerShortName":"fedora","dateReserved":"2025-01-19T13:43:18.289Z","datePublished":"2026-02-18T20:25:34.864Z","dateUpdated":"2026-02-25T16:54:11.355Z"},"containers":{"cna":{"title":"Glibc: vdso getrandom acceleration may return predictable randomness","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"An insufficient entropy vulnerability was found in glibc. 
The getrandom and arc4random family of functions may return predictable randomness if they are called again after a fork that happens concurrently with a call to any of these functions."}],"affected":[{"versions":[{"status":"affected","version":"2.39-28.fc40","versionType":"semver","lessThanOrEqual":"2.39-33.fc40"},{"status":"affected","version":"2.40-12.fc41","versionType":"semver","lessThanOrEqual":"2.40-17.fc41"}],"packageName":"glibc","collectionURL":"https://sourceware.org/git/?p=glibc.git","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glibc","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glibc","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glibc","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glibc","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 
9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"glibc","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-0577","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2338871","name":"RHBZ#2338871","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2025-01-23T22:40:05.069Z","problemTypes":[{"descriptions":[{"cweId":"CWE-331","description":"Insufficient Entropy","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-331: Insufficient Entropy","workarounds":[{"lang":"en","value":"Red Hat Product Security does not have any mitigation recommendations at this time."}],"timeline":[{"lang":"en","time":"2025-01-19T15:27:34.569Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-01-23T22:40:05.069Z","value":"Made public."}],"providerMetadata":{"orgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","shortName":"fedora","dateUpdated":"2026-02-18T20:25:34.864Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-25T16:53:59.796460Z","id":"CVE-2025-0577","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-25T16:54:11.355Z"}}]}}