A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.