CVE-2024-25389

Published: Mar 27, 2024Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c.

Affected (1)

Products: Rt Thread: Rt Thread

Rt Thread

1 product

Rt Thread

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rt Thread Rt Thread	Up to 5.0.2

Related CWEs

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References (11)

http://www.openwall.com/lists/oss-security/2024/03/05/1

Source: cve@mitre.org

Issue TrackingMailing List

https://github.com/RT-Thread/rt-thread/issues/8283

Source: cve@mitre.org

Issue TrackingMitigation

https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt

Source: cve@mitre.org

Third Party Advisory

https://seclists.org/fulldisclosure/2024/Mar/28

Source: cve@mitre.org

Mailing List

https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/

Source: cve@mitre.org

Third Party Advisory

http://seclists.org/fulldisclosure/2024/Mar/28