Buffer Overwrite Vulnerability in GNU C Library for Power10 Processors
CVE-2025-5702

5.6 MEDIUM

Key Information:

CVE Published: 5 June 2025

What is CVE-2025-5702?

A vulnerability exists in the GNU C Library's strcmp implementation optimized for Power10 processors. The implementation uses vector registers v20 to v31 without saving their contents, although the powerpc64le ABI defines these registers as non-volatile. As a result, strcmp can overwrite register contents that the caller expects to be preserved, which may alter the control flow of the calling function or inadvertently leak input strings to other areas of the program.

Affected Version(s)

glibc Power10 2.39

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
