glibc Insufficient Entropy via getrandom/arc4random After Fork
CVE-2025-0577 Published on February 18, 2026
Glibc: vdso getrandom acceleration may return predictable randomness
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if they are called again after a fork that happens concurrently with a call to any of these functions.
Vulnerability Analysis
CVE-2025-0577 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Timeline
Reported to Red Hat.
Made public 4 days later.
Weakness Type
Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Products Associated with CVE-2025-0577
stack.watch emails you whenever new vulnerabilities are published in Red Hat Enterprise Linux (RHEL) or GNU Glibc. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.