CVE-2025-14104

MEDIUM

util-linux - Heap Buffer Overread


Description

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

References (12)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:7180
https://access.redhat.com/errata/RHSA-2026:7180
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2419369
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1696
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1852
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:1913
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2485
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2563
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2737
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:2800
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2026:3406
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:4943
https://access.redhat.com/errata/RHSA-2026:4943
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-14104

Scores

CVSS v3 6.1
EPSS 0.0001
EPSS Percentile 0.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (22)
Red Hat/Red Hat Ceph Storage 7 sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353
Red Hat/Red Hat Ceph Storage 7 sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221
Red Hat/Red Hat Ceph Storage 8 sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503
Red Hat/Red Hat Ceph Storage 8 sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2
Red Hat/Red Hat Ceph Storage 8 sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e
Red Hat/Red Hat Ceph Storage 9 sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a
Red Hat/Red Hat Ceph Storage 9 sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41
Red Hat/Red Hat Enterprise Linux 10 0:2.40.2-15.el10_1
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
... and 12 more
Published Dec 05, 2025
Tracked Since Feb 18, 2026