CVE-2026-13199
A CWE-331: Insufficient Entropy in rpi-eeprom package at v28.13-1 on Raspberry Pi 5 and Compute Module 5 produces non-random KASLR and RNG seed values across reboots.
This issue allows a local attacker to guess Linux kernel base address and bypass the KASLR protection mechanism.
July 6, 2026
This issue affects rpi-eeprom package versions prior to 28.22-1 on Raspberry Pi 5 and Compute Module 5
CVE-2026-13199
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.1
To fix this issue, it is suggested to update the rpi-eeprom package to version 28.22-1 or later.
Gabriele Quagliarella at Nozomi Networks
Nozomi Networks Labs curates threat and vulnerability insights that are continuously fed into the Nozomi Networks platform to ensure our sensors can detect existing and emerging threats and vulnerabilities that threaten customers environments.
Learn more