Skip to main content

Raspberry Pi 5 And Compute Module 5

1 CVEs product

Monthly

CVE-2026-13199 MEDIUM PATCH This Month

Predictable KASLR offsets and RNG seeds in Raspberry Pi 5 and Compute Module 5 EEPROM firmware undermine kernel address space layout randomization across all affected devices and reboots. Because the entropy source is deterministic, any attacker who can identify the firmware version can predict kernel memory addresses, reducing KASLR to a known-offset bypass. This does not itself enable code execution, but it significantly lowers the bar for chaining with any memory-corruption vulnerability targeting these devices. No public exploit code has been identified at time of analysis and this is not listed in the CISA KEV catalog.

Information Disclosure Raspberry Pi 5 And Compute Module 5
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Predictable KASLR offsets and RNG seeds in Raspberry Pi 5 and Compute Module 5 EEPROM firmware undermine kernel address space layout randomization across all affected devices and reboots. Because the entropy source is deterministic, any attacker who can identify the firmware version can predict kernel memory addresses, reducing KASLR to a known-offset bypass. This does not itself enable code execution, but it significantly lowers the bar for chaining with any memory-corruption vulnerability targeting these devices. No public exploit code has been identified at time of analysis and this is not listed in the CISA KEV catalog.

Information Disclosure Raspberry Pi 5 And Compute Module 5
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy