PT-2025-23974 · Unknown+2 · Gnu C Library+2
Published: 2025-06-05 · Updated: 2025-10-22
CVE-2025-5745
CVSS v3.1: 5.6 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
GNU C Library versions 2.40 and later
Description
The issue arises from the strncmp implementation optimized for the Power10 processor, which writes to vector registers v20 to v31 without first saving the caller's contents. This can overwrite those contents, potentially altering the control flow of the caller or leaking the function's input strings to other parts of the program.
Recommendations
For GNU C Library versions 2.40 and later, consider saving the contents of vector registers v20 to v31 before calling the strncmp function to prevent overwriting and potential control flow alteration.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Initialization
Related Identifiers
Affected Products
Gnu C Library
Linuxmint
Ubuntu