CVE-2025-0577

MEDIUM

glibc - Insufficient Entropy

Title source: llm

Description

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

References (2)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2025-0577

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2338871

Scores

CVSS v3 4.8

EPSS 0.0001

EPSS Percentile 1.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-331

Status published

Products (5)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

Published Feb 18, 2026

Tracked Since Feb 19, 2026