vulnerability

Debian: CVE-2025-32022: finit -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	May 6, 2025	May 15, 2025	May 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

May 6, 2025

Added

May 15, 2025

Modified

May 27, 2025

Description

Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects everyone using Finit 4.2 or later that do not explicitly disable the plugin at build time. This bug is fixed in Finit 4.12. Those who cannot upgrade or backport the fix to urandom.c are strongly recommended to disable the plugin in the call to the `configure` script.

Solution

no-fix-debian-deb-package

References

CVE-2025-32022
https://attackerkb.com/topics/CVE-2025-32022

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today