CVE-2025-5745

ADVISORY - nist

Summary

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

EPSS Score⁠: 0.00255 (0.488)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-665⁠

Improper Initialization

ADVISORY - redhat

CWE-404⁠

Improper Resource Shutdown or Release

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

7 months ago

ADVISORY IDCVE-2025-5745⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-665⁠

CVSS SCORE

5.6medium

Debian

CREATED

1 year ago

UPDATED

29 days ago

ADVISORY IDCVE-2025-5745⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

1 year ago

UPDATED

11 months ago

ADVISORY IDCVE-2025-5745⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

1 year ago

UPDATED

5 months ago

ADVISORY IDCVE-2025-5745⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-404⁠

CVSS SCORE

8.1high

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-jv59-4qfv-m6g5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY ID

CGA-rxf5-4qf7-5jpg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

MINI-pr9c-2v5q-34m2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY