Description
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
Published: 2025-12-05
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Buffer Overread
Action: Patch
AI Analysis

Impact

The flaw is in the setpwnam() function of util-linux, which the setuid login-utils utilities call to write an updated entry to the password database. When the login name being processed is 256 bytes long, the function reads past the end of a heap buffer (CWE-125, out-of-bounds read). Reading beyond the allocation can expose adjacent heap contents to the invoking user, and a read that runs off the end of the mapping crashes the setuid process. Red Hat's CVSS vector (C:L/I:N/A:H) rates the confidentiality impact low and the availability impact high, with no integrity impact: corruption of the password database is not among the rated consequences of this bug.

Affected Systems

Red Hat lists the following products as affected, all of which ship the util-linux package: Red Hat Enterprise Linux 6, 7, 8, 9 and 10 (including the RHEL 10.1 base OS), Red Hat Ceph Storage 7, 8 and 9, Red Hat Hardened Images, Red Hat Insights Proxy 1.5, Red Hat OpenShift Container Platform 4 and Red Hat Update Infrastructure 5. Any host built from these products that installs the util-linux login-utils with the setuid bit set exposes the flaw to its local users.

Risk and Exploitability

The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H, score 6.1 Medium) describes a local attack by a low-privileged user with no user interaction: the attacker needs an account on the host and the ability to run the affected setuid utility. The rated impact is a low confidentiality loss (leaked heap contents) and a high availability impact (the utility can be crashed); integrity is unaffected, so this is an information-disclosure and denial-of-service issue, not a privilege escalation. EPSS is below 1 %, CISA has not added the CVE to its KEV catalog, and the SSVC assessment recorded in the history below is Exploitation: none, Automatable: no, Technical Impact: partial; Red Hat rates the severity Moderate. Apply the Red Hat errata in the normal patch cycle, prioritizing multi-user hosts where untrusted local accounts can invoke the affected setuid binaries.

Generated by OpenCVE AI on April 20, 2026 at 16:14 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Apply the Red Hat errata updates RHSA‑2026:1696, RHSA‑2026:1852, RHSA‑2026:1913, RHSA‑2026:2485, RHSA‑2026:2563, RHSA‑2026:2737, RHSA‑2026:2800, RHSA‑2026:3406, RHSA‑2026:4943, or RHSA‑2026:7180 depending on your distribution version.
  • Audit the password database for login names of 256 bytes or more and rename or remove such accounts; shadow-utils' useradd caps login names at 32 characters by default, so an entry that long usually points to a hand-edited or imported passwd file. Removing the setuid bit from the affected login-utils (in upstream util-linux, chfn and chsh are the utilities built around setpwnam()) closes the local attack surface, but it also stops unprivileged users from changing their own GECOS field or login shell, so weigh that against the Moderate severity before doing it.
  • Check for custom or third-party builds that vendor the util-linux login-utils source (setpwnam() is internal to util-linux, not an exported library API) and rebuild them from a fixed util-linux release.

Generated by OpenCVE AI on April 20, 2026 at 16:14 UTC.
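As a practical complement to the two host-side checks in the recommended actions, the following audit script is an added editorial example; it is not OpenCVE's, Red Hat's or util-linux's code. It assumes a passwd-format file as input, the 256-byte trigger length from the description as the threshold, and a directory to scan for setuid files; the passwd lines and the fake binaries it creates are constructed sample data so that it runs offline. On a real host, point the two functions at /etc/passwd and /usr/bin instead.

```shell
#!/bin/sh
# Added editorial example (not OpenCVE or util-linux code): audit helpers for
# the two host-side checks above. The 256-byte threshold, the paths and the
# sample passwd content below are assumptions for illustration.
set -eu
export LC_ALL=C   # make awk's length() count bytes, not multibyte characters

# Print every login name in a passwd-format file whose length in bytes is
# >= $2 (default 256, the trigger length named in the advisory).
long_usernames() {
    file=$1
    limit=${2:-256}
    awk -F: -v lim="$limit" 'NF >= 7 && length($1) >= lim { print $1 }' "$file"
}

# List files with the setuid bit (mode 4xxx) under a directory, staying on one
# filesystem. On a live host pass /usr/bin; "rpm -qf" or "dpkg -S" on each hit
# tells you which ones belong to util-linux.
suid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# --- self-contained demo on constructed data ---------------------------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed passwd file: two normal accounts, a 255-byte name (just under
# the threshold) and a 256-byte name (the advisory's trigger length).
name255=$(head -c 255 /dev/zero | tr '\0' a)
name256=$(head -c 256 /dev/zero | tr '\0' b)
cat > "$demo_dir/passwd" <<EOF
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
$name255:x:1001:1001:edge:/home/edge:/bin/sh
$name256:x:1002:1002:over:/home/over:/bin/sh
EOF

# Constructed "bin" directory: one setuid file and one plain executable.
mkdir "$demo_dir/bin"
: > "$demo_dir/bin/chfn"; chmod 4755 "$demo_dir/bin/chfn"
: > "$demo_dir/bin/cat";  chmod 0755 "$demo_dir/bin/cat"

echo "login names of 256+ bytes (truncated for display):"
long_usernames "$demo_dir/passwd" | cut -c1-16 | sed 's/$/.../'
echo "setuid files:"
suid_files "$demo_dir/bin"
```

On an RPM-based host, `rpm -qf` on each setuid path shows which hits come from util-linux (RHEL 8 and later package chfn and chsh in util-linux-user), and `rpm -q --changelog util-linux | grep CVE-2025-14104` usually confirms whether the installed build carries the errata fix, since Red Hat changelogs name the CVEs they address.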

Advisories

No advisories yet.

History

Sun, 19 Apr 2026 20:00:00 +0000
  References: updated

Tue, 07 Apr 2026 18:00:00 +0000
  First time appeared: Redhat hummingbird
  CPEs: added cpe:/a:redhat:hummingbird:1
  Vendors & Products: added Redhat hummingbird

Wed, 18 Mar 2026 17:00:00 +0000
  References: updated

Thu, 26 Feb 2026 07:45:00 +0000
  CPEs: added cpe:/a:redhat:ceph_storage:9::el10
  References: updated

Tue, 17 Feb 2026 09:45:00 +0000
  CPEs: added cpe:/a:redhat:ceph_storage:7::el9
  References: updated

Mon, 16 Feb 2026 14:30:00 +0000
  First time appeared: Redhat ceph Storage
  CPEs: added cpe:/a:redhat:ceph_storage:8::el9
  Vendors & Products: added Redhat ceph Storage
  References: updated

Wed, 11 Feb 2026 15:00:00 +0000
  First time appeared: Redhat rhui
  CPEs: added cpe:/a:redhat:rhui:5::el9
  Vendors & Products: added Redhat rhui
  References: updated

Tue, 10 Feb 2026 21:00:00 +0000
  First time appeared: Redhat insights Proxy
  CPEs: added cpe:/a:redhat:insights_proxy:1.5::el9
  Vendors & Products: added Redhat insights Proxy
  References: updated

Wed, 04 Feb 2026 20:15:00 +0000
  CPEs: removed cpe:/o:redhat:enterprise_linux:9; added cpe:/a:redhat:enterprise_linux:9::appstream, cpe:/a:redhat:enterprise_linux:9::crb, cpe:/o:redhat:enterprise_linux:9::baseos
  References: updated

Wed, 04 Feb 2026 11:45:00 +0000
  CPEs: removed cpe:/o:redhat:enterprise_linux:8; added cpe:/a:redhat:enterprise_linux:8::appstream, cpe:/a:redhat:enterprise_linux:8::crb, cpe:/o:redhat:enterprise_linux:8::baseos
  References: updated

Mon, 02 Feb 2026 10:30:00 +0000
  CPEs: removed cpe:/o:redhat:enterprise_linux:10; added cpe:/o:redhat:enterprise_linux:10.1
  References: updated

Sat, 06 Dec 2025 00:15:00 +0000
  References: updated
  Metrics: threat_severity changed from None to Moderate

Fri, 05 Dec 2025 20:15:00 +0000
  Metrics: ssvc added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Dec 2025 16:30:00 +0000 (initial entry; all values added)
  Description: A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.
  Title: Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames
  First time appeared: Redhat; Redhat enterprise Linux; Redhat openshift
  Weaknesses: CWE-125
  CPEs: cpe:/a:redhat:openshift:4, cpe:/o:redhat:enterprise_linux:10, cpe:/o:redhat:enterprise_linux:6, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9
  Vendors & Products: Redhat; Redhat enterprise Linux; Redhat openshift
  References: added
  Metrics: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-19T19:37:37.557Z

Reserved: 2025-12-05T14:18:15.840Z

Link: CVE-2025-14104

Vulnrichment

Updated: 2025-12-05T20:03:16.006Z

NVD

Status: Deferred

Published: 2025-12-05T17:16:03.117

Modified: 2026-04-19T20:16:20.623

Link: CVE-2025-14104

Redhat

Severity: Moderate

Public Date: 2025-12-05T00:00:00Z

Links: CVE-2025-14104 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T16:15:11Z

Weaknesses