Heap Buffer Overread Vulnerability in util-linux by Red Hat
CVE-2025-14104

6.1 MEDIUM

What is CVE-2025-14104?

A vulnerability exists in the util-linux package, specifically within the setpwnam() function. This flaw allows for a heap buffer overread when processing usernames that are 256 bytes long. It affects the SUID (Set User ID) login-utils utilities that interact with the password database, potentially exposing sensitive information and posing a risk to system integrity.

Affected Version(s)

Red Hat Ceph Storage 7 sha256:c22fa89f545b3a8ae37cddadbea46d5bb51b8178929a67254bd2a133f4c0f221

Red Hat Ceph Storage 8 sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2

Red Hat Ceph Storage 9 sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
