CVE-2026-13199

Severity CVSS v4.0:
MEDIUM
Type:
CWE-331 Insufficient Entropy
Publication date:
07/07/2026
Last modified:
07/07/2026

Description

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.