CVE-2024-25389

Name of the Vulnerable Software and Affected Versions RT-Thread versions through 5.0.2

Description The issue is related to a weak random number generation algorithm used in RT-Thread. The algorithm, defined as seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;, is implemented in the calc random function within the drivers/misc/rt random.c file. This weakness can potentially lead to predictable random numbers.

Recommendations For RT-Thread versions through 5.0.2, consider modifying the calc random function to utilize a more secure random number generation algorithm until a patch is available. As a temporary workaround, restrict the use of the calc random function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.