GNU C Library Vulnerability in Power10 Processor Implementation
CVE-2025-5745

5.6 MEDIUM

Key Information:

Status
Vendor
CVE Published: 5 June 2025

What is CVE-2025-5745?

The GNU C Library includes an implementation of strncmp optimized for the Power10 processor that writes to the non-volatile (callee-saved) vector registers v20 to v31 without first saving the caller's contents. Because the caller expects these registers to be preserved across the call, this can overwrite critical data and may alter the control flow of the calling function. Sensitive input strings passed to the function could also be leaked, posing a significant risk to data integrity and overall program security. Developers using this library should assess their applications for potential exposure.

Affected Version(s)

glibc Power10 2.40

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
