Medium severity6.1NVD Advisory· Published Dec 5, 2025· Updated Apr 19, 2026
CVE-2025-14104
CVE-2025-14104
Description
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam() function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
50- osv-coords49 versionspkg:rpm/almalinux/libblkidpkg:rpm/almalinux/libblkid-develpkg:rpm/almalinux/libfdiskpkg:rpm/almalinux/libfdisk-develpkg:rpm/almalinux/libmountpkg:rpm/almalinux/libmount-develpkg:rpm/almalinux/libsmartcolspkg:rpm/almalinux/libsmartcols-develpkg:rpm/almalinux/libuuidpkg:rpm/almalinux/libuuid-develpkg:rpm/almalinux/python3-libmountpkg:rpm/almalinux/util-linuxpkg:rpm/almalinux/util-linux-corepkg:rpm/almalinux/util-linux-userpkg:rpm/almalinux/uuiddpkg:rpm/opensuse/python3-libmount&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-libmount&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/python-libmount&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/util-linux&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/util-linux&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/util-linux&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/util-linux-systemd&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/util-linux-systemd&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/python-libmount&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-libmount&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/python-libmount&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/util-linux&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Micro%206.2
< 2.40.2-15.el10_1+ 48 more
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.32.1-48.el8_10
- (no CPE)range: < 2.40.2-15.el10_1
- (no CPE)range: < 2.37.4-150500.9.20.1
- (no CPE)range: < 2.39.3-150600.4.15.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.39.3-150600.4.15.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.41.3-1.1
- (no CPE)range: < 2.39.3-150600.4.15.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.33.2-4.48.1
- (no CPE)range: < 2.36.2-150300.4.50.1
- (no CPE)range: < 2.37.2-150400.8.38.1
- (no CPE)range: < 2.37.2-150400.8.38.1
- (no CPE)range: < 2.37.4-150500.9.20.1
- (no CPE)range: < 2.40.4-150700.4.3.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.33.2-4.48.1
- (no CPE)range: < 2.39.3-4.1
- (no CPE)range: < 2.40.4-slfo.1.1_3.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.36.2-150300.4.50.1
- (no CPE)range: < 2.37.2-150400.8.38.1
- (no CPE)range: < 2.37.2-150400.8.38.1
- (no CPE)range: < 2.37.4-150500.9.20.1
- (no CPE)range: < 2.40.4-150700.4.3.1
- (no CPE)range: < 2.40.4-150700.4.3.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.41.1-160000.3.1
- (no CPE)range: < 2.33.2-4.48.1
- (no CPE)range: < 2.39.3-4.1
- (no CPE)range: < 2.40.4-slfo.1.1_3.1
- (no CPE)range: < 2.41.1-160000.3.1
Patches
Vulnerability mechanics
References
12- access.redhat.com/errata/RHSA-2026:1696nvd
- access.redhat.com/errata/RHSA-2026:1852nvd
- access.redhat.com/errata/RHSA-2026:1913nvd
- access.redhat.com/errata/RHSA-2026:2485nvd
- access.redhat.com/errata/RHSA-2026:2563nvd
- access.redhat.com/errata/RHSA-2026:2737nvd
- access.redhat.com/errata/RHSA-2026:2800nvd
- access.redhat.com/errata/RHSA-2026:3406nvd
- access.redhat.com/errata/RHSA-2026:4943nvd
- access.redhat.com/errata/RHSA-2026:7180nvd
- access.redhat.com/security/cve/CVE-2025-14104nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.