CVE-2025-0577

Name: CVE-2025-0577

Description: An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| glibc (PTS) | bullseye | 2.31-13+deb11u11 | fixed |
| | bullseye (security) | 2.31-13+deb11u13 | fixed |
| | bookworm | 2.36-9+deb12u13 | fixed |
| | bookworm (security) | 2.36-9+deb12u7 | fixed |
| | trixie | 2.41-12+deb13u1 | fixed |
| | forky, sid | 2.42-13 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| glibc | source | (unstable) | (not affected) | | | |

Notes

- glibc <not-affected> (Doesn't affect any released version of glibc)
https://bugzilla.redhat.com/show_bug.cgi?id=2338871
