Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Local-only vector with low-privilege access sufficient to call getrandom(); purely availability impact via CPU stall with no confidentiality or integrity consequence.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
crypto: jitterentropy - replace long-held spinlock with mutex
jent_kcapi_random() serializes the shared jitterentropy state, but it currently holds a spinlock across the jent_read_entropy() call. That path performs expensive jitter collection and SHA3 conditioning, so parallel readers can trigger stalls as contending waiters spin for the same lock.
To prevent non-preemptible lock hold, replace rng->jent_lock with a mutex so contended readers sleep instead of spinning on a shared lock held across expensive entropy generation.
AnalysisAI
CPU stall vulnerability in the Linux kernel jitterentropy subsystem allows local low-privileged users to trigger prolonged non-preemptible spinlock holds by spawning concurrent entropy requests through jent_kcapi_random(), which holds a spinlock across expensive SHA3 conditioning and jitter collection. Systems running kernel versions from approximately 4.2 through pre-fix stable branches face entropy starvation and CPU busy-wait degradation under parallel getrandom() load. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires local shell access with at minimum low-privilege credentials (CVSS PR:L, AV:L) - any standard user account on the target system is sufficient. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H scores 5.5 (Medium), accurately reflecting local-only attack surface, low-privilege requirement, and purely availability-class impact with no confidentiality or integrity consequence. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local low-privileged user on a shared cloud VM or multi-tenant container host launches a high-thread-count process that continuously calls getrandom() in parallel across all available CPU cores. The first thread to acquire jent_kcapi_random()'s spinlock begins milliseconds-long SHA3 conditioning work while all other CPUs spin at full utilization waiting for lock release, stalling kernel scheduling and blocking all entropy-dependent operations - including TLS handshakes and in-kernel key generation - for the duration of the attack. … |
| Remediation | The definitive fix is to upgrade to a patched kernel release: 6.6.141 or later on the 6.6 LTS branch, 6.12.91 or later on the 6.12 LTS branch, 6.18.33 or later on the 6.18 branch, 7.0.10 or later on the 7.0 branch, or any 7.1+ mainline build. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38706
GHSA-9hmp-j3gc-jm6j