Jordi Mallach

**Name of the Vulnerable Software and Affected Versions** GNOME at-spi2-atk version 2.5.2 **Description** The issue concerns the `register application` function in `atk-adaptor/bridge.c`, which does not properly seed the random number generator. This results in the generation of predictable temporary file names. A local user can exploit this to create or truncate files via a symlink attack on a temporary socket file in `/tmp/at-spi2`. **Recommendations** For GNOME at-spi2-atk version 2.5.2, consider restricting access to the `register application` function until a patch is available. As a temporary workaround, avoid using the `atk-adaptor/bridge.c` module to minimize the risk of exploitation.