PT-2025-23956 · GNU C Library

Published: 2025-06-05 · Updated: 2025-07-15 · CVE-2025-5702

CVSS v3.1: 5.6 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

GNU C Library versions 2.39 and later

Description

The issue arises from the strcmp implementation optimized for the Power10 processor, which writes to vector registers v20 to v31 without first saving the caller's contents. This can overwrite those contents and potentially alter the control flow of the caller, or leak the function's input strings to other parts of the program.

Recommendations

For GNU C Library versions 2.39 and later, consider saving the contents of vector registers v20 to v31 before calling the strcmp function to prevent overwriting and potential control flow alteration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Initialization

Related Identifiers

ALSA-2025:11066
ALSA-2025:9877
CVE-2025-5702
INFSA-2025_9877
OPENSUSE-SU-2025:15227-1
RHSA-2025:11066
RHSA-2025:9877
RHSA-2025_9877
USN-7634-1

Affected Products

AlmaLinux
GNU C Library
Linux Mint
Red Hat
Rocky Linux
Ubuntu