Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-5745

Опубликовано: 05 июн. 2025
Источник: redhat
CVSS3: 8.1

Описание

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

A flaw was found in the strncmp glibc function optimized for the Power10 architecture. Overwriting two vector registers could disrupt program control flow, possibly leading to system instability.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10glibcNot affected
Red Hat Enterprise Linux 6compat-glibcNot affected
Red Hat Enterprise Linux 6glibcNot affected
Red Hat Enterprise Linux 7compat-glibcNot affected
Red Hat Enterprise Linux 7glibcNot affected
Red Hat Enterprise Linux 8glibcNot affected
Red Hat Enterprise Linux 9glibcNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-404
https://bugzilla.redhat.com/show_bug.cgi?id=2370488glibc: Vector register overwrite bug in glibc

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-5745

CVSS3: 5.6
ubuntu
13 дней назад

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

nvd логотип

CVE-2025-5745

CVSS3: 5.6
nvd
13 дней назад

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

debian логотип

CVE-2025-5745

CVSS3: 5.6
debian
13 дней назад

The strncmp implementation optimized for the Power10 processor in the ...

github логотип

GHSA-7qrf-49g7-25m2

CVSS3: 5.6
github
13 дней назад

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

8.1 High

CVSS3