From: Carlos O'Donell Date: Thu, 15 May 2025 21:46:36 +0000 (-0400) Subject: Document CVE-2025-4802. X-Git-Tag: glibc-2.42~238 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e18586c5820e329f741d5c710275e165581380e;p=thirdparty%2Fglibc.git Document CVE-2025-4802. This commit adds advisory data for the above CVE(s). --- diff --git a/advisories/GLIBC-SA-2025-0002 b/advisories/GLIBC-SA-2025-0002 new file mode 100644 index 0000000000..95c5c23e1b --- /dev/null +++ b/advisories/GLIBC-SA-2025-0002 @@ -0,0 +1,18 @@ +elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH + +A statically linked setuid binary that calls dlopen (including internal +dlopen calls after setlocale or calls to NSS functions such as getaddrinfo) +may incorrectly search LD_LIBRARY_PATH to determine which library to load, +leading to the execution of library code that is attacker controlled. + +The only viable vector for exploitation of this bug is local, if a static +setuid program exists, and that program calls dlopen, then it may search +LD_LIBRARY_PATH to locate the SONAME to load. No such program has been +discovered at the time of publishing this advisory, but the presence of +custom setuid programs, although strongly discouraged as a security +practice, cannot be discounted. + +CVE-id: CVE-2025-4802 +Public-Date: 2025-05-16 +Vulnerable-Commit: 10e93d968716ab82931d593bada121c17c0a4b93 (2.27) +Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)
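Review bot: The first sentence of the second advisory paragraph is a run-on that mixes the attack vector with the preconditions ("...is local, if a static setuid program exists, and that program calls dlopen, then it may search..."). Suggest splitting it: one sentence saying the vector is local only, and a second listing the preconditions (a static setuid program exists, and it calls dlopen). Separately, the affected range appears only as the parenthesised versions on the Vulnerable-Commit (2.27) and Fix-Commit (2.39) trailer lines. A sentence in the body stating the affected and fixed releases would make the advisory readable without parsing the trailers. The body also gives no interim guidance for sites that do have a custom static setuid program, even though the text says their presence "cannot be discounted".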