GNU C Library Vulnerability in Power10 Processor Implementation
CVE-2025-5745
5.6MEDIUM
What is CVE-2025-5745?
The GNU C Library features an implementation of strncmp optimized for the Power10 processor that inadvertently writes to non-volatile vector registers v20 to v31 without saving their contents from the caller. This oversight can lead to the overwriting of critical data and may alter the control flow of the calling function. Additionally, sensitive input strings passed to the function could be leaked, posing a significant risk to data integrity and overall program security. Developers using this library should assess their applications for potential exposure.
Affected Version(s)
glibc Power10 2.40