CVE-2024-25389

RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/03/05/1	Mailing List Issue Tracking
https://github.com/RT-Thread/rt-thread/issues/8283	Issue Tracking Mitigation
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt	Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28	Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/	Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/05/1	Mailing List Issue Tracking
https://github.com/RT-Thread/rt-thread/issues/8283	Issue Tracking Mitigation
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt	Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28	Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rt-thread:rt-thread:*:*:*:*:*:*:*:*

History

16 Apr 2025, 18:57

Type	Values Removed	Values Added
First Time		Rt-thread Rt-thread rt-thread
CPE		cpe:2.3:a:rt-thread:rt-thread::::::::
References	~~() http://www.openwall.com/lists/oss-security/2024/03/05/1 -~~	() http://www.openwall.com/lists/oss-security/2024/03/05/1 - Mailing List, Issue Tracking
References	~~() https://github.com/RT-Thread/rt-thread/issues/8283 -~~	() https://github.com/RT-Thread/rt-thread/issues/8283 - Issue Tracking, Mitigation
References	~~() https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt -~~	() https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt - Third Party Advisory
References	~~() https://seclists.org/fulldisclosure/2024/Mar/28 -~~	() https://seclists.org/fulldisclosure/2024/Mar/28 - Mailing List
References	~~() https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ -~~	() https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ - Third Party Advisory

Information

Published : 2024-03-27 03:15

Updated : 2025-04-16 18:57

NVD link : CVE-2024-25389

Mitre link : CVE-2024-25389

CVE.ORG link : CVE-2024-25389

JSON object : View

Products Affected

rt-thread

rt-thread

CWE

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

7.5 /10