Random Number Generator Weakness Discovered in RT-Thread through 5.0.2
CVE-2024-25389
7.5HIGH
What is CVE-2024-25389?
An issue has been identified in RT-Thread RTOS where the random number generation algorithm is insufficiently robust, utilizing a simplistic calculation method that can lead to predictable outcomes. Specifically, the algorithm defined in 'calc_random' within the source file 'drivers/misc/rt_random.c' employs a linear congruential generator approach, which is regarded as weak. This vulnerability could potentially be exploited by attackers to predict random numbers that are supposed to be unique or secure, posing significant risks in cryptographic implementations and secure communications.
