Raspberry Pi 5 And Compute Module 5
Monthly
Predictable KASLR offsets and RNG seeds in Raspberry Pi 5 and Compute Module 5 EEPROM firmware undermine kernel address space layout randomization across all affected devices and reboots. Because the entropy source is deterministic, any attacker who can identify the firmware version can predict kernel memory addresses, reducing KASLR to a known-offset bypass. This does not itself enable code execution, but it significantly lowers the bar for chaining with any memory-corruption vulnerability targeting these devices. No public exploit code has been identified at time of analysis and this is not listed in the CISA KEV catalog.
Predictable KASLR offsets and RNG seeds in Raspberry Pi 5 and Compute Module 5 EEPROM firmware undermine kernel address space layout randomization across all affected devices and reboots. Because the entropy source is deterministic, any attacker who can identify the firmware version can predict kernel memory addresses, reducing KASLR to a known-offset bypass. This does not itself enable code execution, but it significantly lowers the bar for chaining with any memory-corruption vulnerability targeting these devices. No public exploit code has been identified at time of analysis and this is not listed in the CISA KEV catalog.