{
  "threat_severity" : "Moderate",
  "public_date" : "2025-01-23T22:40:05Z",
  "bugzilla" : {
    "description" : "glibc: vDSO getrandom acceleration may return predictable randomness",
    "id" : "2338871",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2338871"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-331",
  "details" : [ "An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if they are called again after a fork that happens concurrently with a call to any of these functions.", "An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if they are called again after a fork that happens concurrently with a call to any of these functions." ],
  "statement" : "This flaw only affected a limited subset of glibc versions present in Fedora 40 (glibc-2.39-28.fc40 and glibc-2.39-33.fc40), Fedora 41 (glibc-2.40-12.fc41 and glibc-2.40-17.fc41) and CentOS 10 Stream (glibc-2.39-29.el10 to glibc-2.39-33.el10).",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-0577\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0577" ],
  "name" : "CVE-2025-0577",
  "mitigation" : {
    "value" : "Red Hat Product Security does not have any mitigation recommendations at this time.",
    "lang" : "en:us"
  },
  "csaw" : false
}