CVE-2025-5702: 
Linux Debian vulnerability analysis and mitigation

The GNU C Library (glibc) version 2.39 and later contains a vulnerability in its strcmp implementation optimized for the Power10 processor. The vulnerability was discovered and disclosed on June 5, 2025, identified as CVE-2025-5702. This security flaw affects systems running the GNU C Library on Power10 processors (NVD).

The vulnerability stems from the strcmp implementation writing to vector registers v20 to v31 without properly saving the contents from the caller. These registers are designated as non-volatile registers by the powerpc64le ABI, making this behavior non-compliant with the ABI specifications. The vulnerability has been assigned a CVSS v3.1 base score of 5.6 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L, and is classified under CWE-665 (Improper Initialization) (NVD).

The vulnerability can result in two primary security impacts: potential alteration of the caller's control flow and possible leakage of input strings to other parts of the program. This improper handling of non-volatile registers can lead to unexpected program behavior and information disclosure (NVD).