CVE-2024-25389
CVE-2024-25389
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://seclists.org/fulldisclosure/2024/Mar/28https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txthttps://github.com/RT-Thread/rt-thread/issues/8283https://seclists.org/fulldisclosure/2024/Mar/28https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/http://www.openwall.com/lists/oss-security/2024/03/05/1