Vulnerability Description
A flaw was found in util-linux. The `setpwnam()` function can perform a heap buffer overread when processing 256-byte usernames. This affects the SUID (Set User ID) login-utils utilities that write to the password database.
CVSS Score
6.1 (MEDIUM)
References
- https://access.redhat.com/errata/RHSA-2026:1696
- https://access.redhat.com/errata/RHSA-2026:1852
- https://access.redhat.com/errata/RHSA-2026:1913
- https://access.redhat.com/errata/RHSA-2026:2485
- https://access.redhat.com/errata/RHSA-2026:2563
- https://access.redhat.com/errata/RHSA-2026:2737
- https://access.redhat.com/errata/RHSA-2026:2800
- https://access.redhat.com/errata/RHSA-2026:3406
- https://access.redhat.com/errata/RHSA-2026:4943
- https://access.redhat.com/errata/RHSA-2026:7180
- https://access.redhat.com/security/cve/CVE-2025-14104
- https://bugzilla.redhat.com/show_bug.cgi?id=2419369
FAQ
What is CVE-2025-14104?
CVE-2025-14104 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A flaw was found in util-linux.
How severe is CVE-2025-14104?
CVE-2025-14104 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-14104?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.