CVE-2025-14104

EUVD-2025-201450
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
util-linux
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
2.42-6
fixed
sid
2.42.1-2
fixed
trixie
unimportant
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libblkid-devel
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libblkid-devel-static
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libblkid1
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libblkid1-32bit
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libfdisk-devel
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libfdisk1
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libmount-devel
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libmount1
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libmount1-32bit
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libsmartcols-devel
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libsmartcols1
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libuuid-devel
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libuuid-devel-static
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libuuid1
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
libuuid1-32bit
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
python-libmount
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
util-linux
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
util-linux-extra
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
util-linux-lang
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
util-linux-systemd
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
util-linux-tty-tools
suse enterprise desktop 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise sap 15 SP7
2.40.4-150700.4.3.1
fixed
suse enterprise server 15 SP7
2.40.4-150700.4.3.1
fixed
uuidd
suse enterprise server 12 SP3
2.29.2-3.45.1
fixed
suse enterprise server 15 SP4
2.37.2-150400.8.38.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libblkid
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libblkid-devel
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libfdisk
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libfdisk-devel
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libmount
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libmount-devel
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libsmartcols
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libsmartcols-devel
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libuuid
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
libuuid-devel
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
python3-libmount
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
util-linux
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
util-linux-core
RHEL 9
0:2.37.4-21.el9_7
fixed
util-linux-user
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
uuidd
RHEL 8
0:2.32.1-48.el8_10
fixed
RHEL 9
0:2.37.4-21.el9_7
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
util-linux
Azure Linux 3.0
0:2.40.2-3.azl3
fixed
CBL-Mariner 2.0
0:2.37.4-10.cm2
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2026:1696
https://access.redhat.com/errata/RHSA-2026:1852
https://access.redhat.com/errata/RHSA-2026:1913
https://access.redhat.com/errata/RHSA-2026:2485
https://access.redhat.com/errata/RHSA-2026:2563
https://access.redhat.com/errata/RHSA-2026:2737
https://access.redhat.com/errata/RHSA-2026:2800
https://access.redhat.com/errata/RHSA-2026:3406
https://access.redhat.com/errata/RHSA-2026:4943
https://access.redhat.com/errata/RHSA-2026:7180
https://access.redhat.com/security/cve/CVE-2025-14104
https://bugzilla.redhat.com/show_bug.cgi?id=2419369