CVE-2025-0577
Received Received - Intake
Insufficient Entropy in glibc getrandom/arc4random Post-fork

Publication date: 2026-02-18

Last updated on: 2026-02-18

Assigner: Fedora Project

Description
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-14
NVD
CVE-2025-0577
EUVD
EUVD-2025-207796
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
gnu glibc *
gnu glibc 2.39
gnu glibc 2.40
gnu glibc 2.41
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-331 The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-0577 is a vulnerability in the GNU C Library (glibc) related to the getrandom system call and the arc4random family of functions. Specifically, when these functions are called after a fork operation that happens concurrently with a call to any of these functions, the randomness they produce may become predictable. This occurs due to an issue in the vDSO (virtual Dynamic Shared Object) acceleration of the getrandom call in certain versions of glibc used in Fedora 40, Fedora 41, and CentOS 10 Stream.

Because these functions are supposed to provide secure random values, the flaw compromises the quality and security of the randomness, potentially allowing attackers to predict random values that should be unpredictable.

Impact Analysis

This vulnerability can impact you by causing the random values generated by the getrandom and arc4random functions to be predictable after a fork operation. Predictable randomness can weaken security mechanisms that rely on strong random values, such as cryptographic key generation, session tokens, or other security-critical operations.

As a result, attackers might exploit this flaw to guess or reproduce random values, potentially leading to compromised confidentiality and integrity of systems or data that depend on these random values.

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects specific versions of glibc in Fedora 40, Fedora 41, and CentOS 10 Stream where the getrandom and arc4random functions may produce predictable randomness after a fork operation. Detection involves identifying if your system is running one of the affected glibc versions.

You can check the installed glibc version on your system using the following command:

  • rpm -q glibc

If the version falls within the affected ranges (e.g., 2.39-28.fc40 through 2.39-33.fc40 for Fedora 40, 2.40-12.fc41 through 2.40-17.fc41 for Fedora 41, or 2.39-29.el10 through 2.39-33.el10 for CentOS 10 Stream), your system is vulnerable.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation involves updating glibc to a version that is not affected by this vulnerability. Since no upstream glibc release is impacted and the issue was identified during development of glibc 2.41, applying vendor patches or upgrading to a fixed glibc version provided by your distribution is recommended.'}, {'type': 'paragraph', 'content': "You should check for and install security updates from your Linux distribution's package manager. For example, on Fedora or CentOS, you can run:"}, {'type': 'list_item', 'content': 'sudo dnf update glibc'}, {'type': 'paragraph', 'content': 'Additionally, avoid running applications that rely on getrandom or arc4random functions immediately after a fork until the update is applied.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0577. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart