vulnerability

Oracle Linux: CVE-2025-14104: ELSA-2026-1696: util-linux security update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:C)
Published
Dec 5, 2025
Added
Feb 3, 2026
Modified
Feb 9, 2026

Description

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

Solutions

oracle-linux-upgrade-libblkidoracle-linux-upgrade-libblkid-develoracle-linux-upgrade-libfdiskoracle-linux-upgrade-libfdisk-develoracle-linux-upgrade-libmountoracle-linux-upgrade-libmount-develoracle-linux-upgrade-libsmartcolsoracle-linux-upgrade-libsmartcols-develoracle-linux-upgrade-libuuidoracle-linux-upgrade-libuuid-develoracle-linux-upgrade-python3-libmountoracle-linux-upgrade-util-linuxoracle-linux-upgrade-util-linux-coreoracle-linux-upgrade-util-linux-useroracle-linux-upgrade-uuidd

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today