CVE-2026-13199
MEDIUMInsufficient Entropy in Raspberry Pi 5 and Compute Module 5
Title source: cnaDescription
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-13199
Scores
CVSS v3
4.0
EPSS
0.0011
EPSS Percentile
1.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-331
Status
published
Products (1)
Raspberry Pi/Raspberry Pi 5 and Compute Module 5
< 28.22-1
Published
Jul 07, 2026
Tracked Since
Jul 07, 2026