GNU C Library Vulnerability in Power10 Processor Implementation
CVE-2025-5745
5.6 MEDIUM
What is CVE-2025-5745?
The GNU C Library features an implementation of strncmp optimized for the Power10 processor that inadvertently writes to non-volatile vector registers v20 to v31 without saving their contents from the caller. This oversight can lead to the overwriting of critical data and may alter the control flow of the calling function. Additionally, sensitive input strings passed to the function could be leaked, posing a significant risk to data integrity and overall program security. Developers using this library should assess their applications for potential exposure.
Affected Version(s)
glibc Power10 2.40
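One way to run the exposure assessment suggested above on a Linux host, as an added example that is not part of the advisory or of glibc: it compares the running glibc version with the listed 2.40 and checks AT_HWCAP2 for the ISA 3.1 (Power10) bit. The `classify` function, the enum names, and the premise that the Power10 routine is only reached on 64-bit POWER hosts advertising that bit are assumptions of this example.

```c
/* Added example: host exposure check for CVE-2025-5745 (not glibc code). */
#include <stdio.h>
#include <stdlib.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>
#include <sys/auxv.h>
#endif

/* AT_HWCAP2 bit the Linux kernel sets on ISA 3.1 (Power10) CPUs;
   same value as PPC_FEATURE2_ARCH_3_1. */
#define HWCAP2_ISA_3_1 0x00040000UL

enum exposure { NOT_AFFECTED, LISTED_VERSION_OTHER_CPU, EXPOSED };

/* Nonzero when the string names the release the advisory lists (2.40). */
static int is_listed_version(const char *v)
{
    char *end;
    long major = strtol(v, &end, 10);
    if (*end != '.')
        return 0;
    return major == 2 && strtol(end + 1, NULL, 10) == 40;
}

/* Assumption: the Power10 strncmp is only reached on 64-bit POWER hosts
   whose AT_HWCAP2 advertises ISA 3.1. */
enum exposure classify(const char *libc_version, int is_ppc64,
                       unsigned long hwcap2)
{
    if (!is_ppc64 || !is_listed_version(libc_version))
        return NOT_AFFECTED;
    return (hwcap2 & HWCAP2_ISA_3_1) ? EXPOSED : LISTED_VERSION_OTHER_CPU;
}

int main(void)
{
    static const char *label[] = { "not affected",
        "listed glibc version, CPU is not Power10", "exposed" };
    const char *ver = "unknown";
    unsigned long hwcap2 = 0;
    int ppc64 = 0;
#ifdef __GLIBC__
    ver = gnu_get_libc_version();   /* version of the libc in use */
    hwcap2 = getauxval(AT_HWCAP2);  /* CPU feature bits from the kernel */
#endif
#ifdef __powerpc64__
    ppc64 = 1;
#endif
    printf("glibc %s: %s\n", ver, label[classify(ver, ppc64, hwcap2)]);
    return 0;
}
```

A distribution may ship a patched build under the same version string, so an "exposed" result is a prompt to check the vendor's package changelog rather than proof that the flawed routine is present.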
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
