Advisory text for CVE-2025-5745

The fix is not available yet, so this only records the first vulnerable commit. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2025-08-07 06:43:00 +03:00 · 2025-06-05 15:24:49 -04:00
parent 62cb3ee57d
commit f8f73249d9
1 changed files with 26 additions and 0 deletions
--- a/advisories/GLIBC-SA-2025-0004
+++ b/advisories/GLIBC-SA-2025-0004
@@ -0,0 +1,26 @@
+power10: strncmp fails to save and restore nonvolatile vector registers
+
+The Power 10 implementation of strncmp in
+sysdeps/powerpc/powerpc64/le/power10/strncmp.S failed to save/restore
+nonvolatile vector registers in the 32-byte aligned loop path.  This
+results in callers reading content from those registers in a different
+context, potentially altering program logic.
+
+There could be a program context where a user controlled string could
+leak through strncmp into program code, thus altering its logic.  There
+is also a potential for sensitive strings passed into strncmp leaking
+through the clobbered registers into parts of the calling program that
+should otherwise not have had access to those strings.
+
+The impact of this flaw is limited to applications running on Power 10
+hardware that use the nonvolatile vector registers, i.e. v20 to v31
+assuming that they have been treated in accordance with the OpenPower
+psABI.  It is possible to work around the issue for those specific
+applications by setting the glibc.cpu.hwcaps tunable to "-arch_3_1" like
+so:
+
+    export GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1
+
+CVE-id: CVE-2025-5745
+Public-Date: 2025-06-05
+Vulnerable-Commit: 23f0d81608d0ca6379894ef81670cf30af7fd081 (2.40)