Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local vector reflects physical/shell access requirement; no privileges needed; only limited kernel-address confidentiality impact with no integrity or availability effect.
Primary rating from Vendor (Nozomi).
CVSS VectorVendor: Nozomi
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.
AnalysisAI
Predictable KASLR offsets and RNG seeds in Raspberry Pi 5 and Compute Module 5 EEPROM firmware undermine kernel address space layout randomization across all affected devices and reboots. Because the entropy source is deterministic, any attacker who can identify the firmware version can predict kernel memory addresses, reducing KASLR to a known-offset bypass. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The device must be a Raspberry Pi 5 or Compute Module 5 running an affected EEPROM firmware version - no special configuration or non-default feature is required; the insufficient entropy is unconditional in the vulnerable firmware. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.1 with a local attack vector (AV:L) correctly reflects that this is a security-weakening vulnerability rather than a direct exploitation primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with local shell access to an unpatched Raspberry Pi 5 determines the device's firmware version, then uses the known-deterministic KASLR seed to calculate exact kernel symbol addresses. Armed with these addresses, they construct a ROP chain for a separate kernel vulnerability - one that would otherwise be defeated by KASLR - and escalate to ring-0 privileges. … |
| Remediation | The primary fix is an upstream EEPROM firmware update delivered via the rpi-eeprom package; users should apply the patched firmware once a tagged release incorporating PR #841 is available (https://github.com/raspberrypi/rpi-eeprom/pull/841). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-331 – Insufficient Entropy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42021
GHSA-fghc-hpwq-xm37