CVE-2025-20889

Name of the Vulnerable Software and Affected Versions libsthmbc.so versions prior to SMR Jan-2025 Release 1

Description The issue is related to an out-of-bounds read in decoding a malformed bitstream for smp4vtd in libsthmbc.so. This allows local attackers to read arbitrary memory, with user interaction required for triggering the issue.

Recommendations For versions prior to SMR Jan-2025 Release 1, update to the SMR Jan-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the smp4vtd decoding functionality in libsthmbc.so to minimize the risk of exploitation.