PT-2025-4170 · Unknown · Libsthmbc.So

Published: 2025-02-04 · Updated: 2025-02-12 · CVE-2025-20888

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libsthmbc.so versions prior to SMR Jan-2025 Release 1

Description

The issue is related to an out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so. This allows local attackers to execute arbitrary code with privilege, requiring user interaction to trigger the issue.

Recommendations

For versions prior to SMR Jan-2025 Release 1, update to SMR Jan-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the smp4vtd functionality in libsthmbc.so to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2025-20888

Affected Products

Libsthmbc.So