Heap Buffer Overread Vulnerability in util-linux by Red Hat
CVE-2025-14104
Key Information:
- Vendor: Util-linux
- CVE Published: 5 December 2025
What is CVE-2025-14104?
A vulnerability exists in the util-linux package, specifically within the setpwnam() function. This flaw allows for a heap buffer overread when processing usernames that are 256 bytes long. It affects the SUID (Set User ID) login-utils utilities that interact with the password database, potentially exposing sensitive information and posing a risk to system integrity.

Affected Version(s)
Red Hat Ceph Storage 7 sha256:485411749726179fe5cd880e2cf308261b35150e4b356ddb7100f52e02b2e353
Red Hat Ceph Storage 8 sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e
Red Hat Ceph Storage 9 sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41
