Weak KASLR and RNG Issues in Raspberry Pi 5 and Compute Module 5 Firmware
CVE-2026-13199
5.1MEDIUM
What is CVE-2026-13199?
The EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices generates non-random KASLR and RNG seed values, leading to predictable kernel addresses across multiple boots and devices. This predictability could facilitate the exploitation of other existing vulnerabilities. Furthermore, the low-quality RNG seed may compromise the generation of random numbers and could also result in delays during boot-up while waiting for adequate entropy from alternative sources.
Affected Version(s)
Raspberry Pi 5 and Compute Module 5 Linux 0 < 28.22-1
