CVE-2026-13199
Received Received - Intake

EEPROM Firmware Flaws Cause Non-Random KASLR and RNG Seeds on Raspberry Pi 5

Vulnerability report for CVE-2026-13199, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: Nozomi Networks Inc.

Description

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
raspberry_pi rpi_eeprom to 28.22-1 (exc)
raspberry_pi rpi_eeprom From 28.22-1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-331 The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-13199 is a vulnerability in the EEPROM firmware of Raspberry Pi 5 and Compute Module 5 devices that causes the generation of non-random Kernel Address Space Layout Randomization (KASLR) and Random Number Generator (RNG) seed values.

This means that the kernel addresses remain consistent across system boots and devices, which weakens the effectiveness of KASLR as a security measure.

Additionally, the low-quality RNG seed can affect the quality of random numbers generated or cause delays during boot while the system waits to accumulate sufficient entropy from other sources.

The root cause was that the EEPROM firmware did not properly use the hardware random number generator (HWRNG) for entropy, despite it being enabled in the boot system code.

This vulnerability is classified under CWE-331 (Insufficient Entropy) and affects all versions of the rpi-eeprom package prior to version 28.22-1.

Compliance Impact

The vulnerability causes non-random KASLR and RNG seed values, which weakens kernel address randomization and the quality of random numbers. This could potentially make it easier for attackers to exploit other vulnerabilities.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, weaknesses in random number generation and kernel security could indirectly impact the security posture required by these regulations.

Specifically, poor entropy and predictable kernel addresses may increase the risk of unauthorized access or data breaches, which are critical concerns under regulations like GDPR and HIPAA that mandate protection of personal and sensitive data.

Therefore, failure to address this vulnerability could hinder compliance efforts by increasing the likelihood of security incidents.

Impact Analysis

This vulnerability can make it easier for a local attacker to exploit other vulnerabilities by predicting the Linux kernel's base address, effectively bypassing KASLR protections.

Since KASLR is a security feature designed to randomize memory addresses to prevent certain types of attacks, its compromise increases the risk of successful exploitation.

Furthermore, the low-quality RNG seed may reduce the overall quality of random numbers used by the system, potentially affecting cryptographic operations or causing delays during system boot.

Detection Guidance

This vulnerability is related to non-random KASLR and RNG seed values in the EEPROM firmware of Raspberry Pi 5 and Compute Module 5 devices. Detection involves verifying the version of the rpi-eeprom package installed on the device.

You can check the installed rpi-eeprom version by running the following command on the Raspberry Pi device:

  • sudo rpi-eeprom-update

If the version is prior to 28.22-1, the device is vulnerable to CVE-2026-13199.

Mitigation Strategies

The recommended immediate mitigation is to update the rpi-eeprom package to version 28.22-1 or later, which includes the fix for proper use of the Hardware Random Number Generator (HWRNG) for entropy sources.

You can update the EEPROM firmware by running the following command on the Raspberry Pi device:

  • sudo rpi-eeprom-update -d -a

After updating, reboot the device to apply the fix.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13199. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart