Bug 2370472 (CVE-2025-5702)
| Summary: | CVE-2025-5702 glibc: Vector register overwrite bug in glibc | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | ashankar, codonell, dj, fweimer, pfrankli |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2370506, 2370507 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-06-05 19:01:16 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:9877 https://access.redhat.com/errata/RHSA-2025:9877 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:11066 https://access.redhat.com/errata/RHSA-2025:11066 This comment was flagged as spam, view the edit history to see the original text if required. This comment was flagged as spam, view the edit history to see the original text if required. |