GNU C Library
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*
- >= 2.39
A vulnerability exists in the Power10-optimized strcmp implementation in the GNU C Library, in versions 2.39 and later. The function writes to vector registers v20 to v31 without first saving their original contents and restoring them afterwards, although the powerpc64le ABI designates these registers as non-volatile. As a result, values the caller holds in those registers can be overwritten across a call to strcmp, potentially disrupting the caller's control flow or leaking input strings to other program components.
Exploitation of this vulnerability could lead to unauthorized alteration of the caller's control flow or unintended disclosure of input strings to other parts of the program.
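The following exposure check is an added example, not code from the glibc project or from this advisory. It reports whether a host meets the preconditions described above: glibc 2.39 or later, a powerpc64le process, and a CPU that advertises ISA 3.1 (Power10). It assumes that glibc chooses the Power10 strcmp variant when `PPC_FEATURE2_ARCH_3_1` is set in `AT_HWCAP2`; the function names and the sample auxiliary vector are constructed for illustration.

```python
import platform
import re
import struct

AT_HWCAP2 = 26                      # auxv entry type, from <elf.h>
PPC_FEATURE2_ARCH_3_1 = 0x00040000  # ISA 3.1 (Power10), from <asm/cputable.h>
FIRST_AFFECTED = (2, 39)            # ">= 2.39" as listed on this page
# Constructed sample: AT_PAGESZ, AT_HWCAP2 (ISA 3.0 + ISA 3.1 bits), AT_NULL.
SAMPLE_AUXV = struct.pack("<6Q", 6, 65536, AT_HWCAP2, 0x00840000, 0, 0)


def parse_auxv(raw):
    """Decode a 64-bit little-endian auxiliary vector into {type: value}."""
    entries = {}
    for off in range(0, len(raw) - 15, 16):
        a_type, a_val = struct.unpack_from("<QQ", raw, off)
        if a_type == 0:             # AT_NULL terminates the vector
            break
        entries[a_type] = a_val
    return entries


def version_tuple(text):
    """'2.39' or '2.39-0distro1' -> (2, 39); None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_exposed(libc, version, machine, auxv):
    """True when every precondition named in the advisory is met."""
    if libc != "glibc" or machine != "ppc64le":
        return False
    ver = version_tuple(version)
    if ver is None or ver < FIRST_AFFECTED:
        return False
    # Assumption: the Power10 strcmp is selected when this hwcap2 bit is set.
    return bool(auxv.get(AT_HWCAP2, 0) & PPC_FEATURE2_ARCH_3_1)


def check_this_host():
    """Evaluate the running interpreter's own libc, machine and auxv."""
    libc, version = platform.libc_ver()
    with open("/proc/self/auxv", "rb") as fh:
        auxv = parse_auxv(fh.read())
    return is_exposed(libc, version, platform.machine(), auxv)


if __name__ == "__main__":
    print("exposed" if check_this_host() else "not exposed")
```

The check compares only the upstream version number, so a positive result on a distribution package should be confirmed against the vendor's changelog, since a backported fix would not change that number.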