CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

Published: Sep 25, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-14634
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	3.10.0	3.10.102.x
linux / linux_kernel	2.6.0	2.6.39.4.x
linux / linux_kernel	4.14.0	4.14.54.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_server_aus	6.6	6.6.x
redhat / enterprise_linux_server_aus	6.5	6.5.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_server_eus	7.5	7.5.x
redhat / enterprise_linux_server_eus	6.7	6.7.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_eus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
redhat / enterprise_linux_server_tus	6.6	6.6.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	12.04	12.04.x

Vulnerability Database

289,697

CVE-2018-14634