CVE-2026-13199
Insufficient Entropy in Raspberry Pi 5 and Compute Module 5
CVSS Score
4.0
EPSS Score
0.1%
EPSS Percentile
2th
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.
| CWE | CWE-331 |
| Vendor | raspberry pi |
| Product | raspberry pi 5 and compute module 5 |
| Published | Jul 7, 2026 |
| Last Updated | Jul 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for raspberry pi raspberry pi 5 and compute module 5
Be the first to know when new medium vulnerabilities affecting raspberry pi raspberry pi 5 and compute module 5 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Raspberry Pi / Raspberry Pi 5 and Compute Module 5
0 < 28.22-1
References
Credits
Gabriele Quagliarella at Nozomi Networks