rpm package
suse/util-linux-systemd&distro=SUSE Linux Enterprise Module for Server Applications 15 SP7
pkg:rpm/suse/util-linux-systemd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27456 | Med | 4.7 | | < 2.40.4-150700.4.13.1 | 2.40.4-150700.4.13.1 | Apr 3, 2026 | util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path |
| CVE-2026-3184 | Low | 3.7 | | < 2.40.4-150700.4.10.1 | 2.40.4-150700.4.10.1 | Apr 3, 2026 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, pot |
| CVE-2025-14104 | Med | 6.1 | | < 2.40.4-150700.4.3.1 | 2.40.4-150700.4.3.1 | Dec 5, 2025 | A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. |