Wind River Support Network

HomeDefectsLIN1021-15815
Fixed

LIN1021-15815 : Security Advisory - glibc - CVE-2025-4802

Created: May 18, 2025    Updated: Jul 24, 2025
Resolved Date: Jul 24, 2025
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Toolchain, Userspace

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

CREATE(Triage):(User=admin) CVE-2025-4802 (https://nvd.nist.gov/vuln/detail/CVE-2025-4802)

CVEs


Live chat
Online