RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2024/03/05/1 | Issue Tracking Mailing List |
| https://github.com/RT-Thread/rt-thread/issues/8283 | Issue Tracking Mitigation |
| https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt | Third Party Advisory |
| https://seclists.org/fulldisclosure/2024/Mar/28 | Mailing List |
| https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ | Third Party Advisory |
| http://seclists.org/fulldisclosure/2024/Mar/28 | |
| http://www.openwall.com/lists/oss-security/2024/03/05/1 | Issue Tracking Mailing List |
| https://github.com/RT-Thread/rt-thread/issues/8283 | Issue Tracking Mitigation |
| https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt | Third Party Advisory |
| https://seclists.org/fulldisclosure/2024/Mar/28 | Mailing List |
| https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2024-03-27 03:15
Updated : 2025-11-04 19:16
NVD link : CVE-2024-25389
Mitre link : CVE-2024-25389
CVE.ORG link : CVE-2024-25389
JSON object : View
Products Affected
rt-thread
- rt-thread
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)