CVE-2025-5745

MEDIUM

GNU C Library >=2.40 - Memory Corruption

Title source: llm

Description

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

References (1)

[Issue Tracking] https://sourceware.org/bugzilla/show_bug.cgi?id=33060

Scores

CVSS v3 5.6

EPSS 0.0026

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-665

Status published

Products (1)

gnu/glibc 2.40 - 2.40-136

Published Jun 05, 2025

Tracked Since Feb 18, 2026