CVE-2025-20882

Name of the Vulnerable Software and Affected Versions libsthmbc.so versions prior to SMR Jan-2025 Release 1

Description The issue allows local attackers to execute arbitrary code with privilege by accessing uninitialized memory for svc1td in libsthmbc.so. This is due to an out-of-bounds write. User interaction is required for triggering this vulnerability.

Recommendations For versions prior to SMR Jan-2025 Release 1, consider disabling access to the vulnerable svc1td function in libsthmbc.so until a patch is available. Restrict user interaction with the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.