CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

CVSS3: 7.8 High (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.0004 Low (Percentile: 9.7%)

An integer overflow flaw was found in the Linux kernel’s
create_elf_tables() function. An unprivileged local user with access to a
SUID (or otherwise privileged) binary could use this flaw to escalate their
privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are
believed to be vulnerable.

Author | Note |
---|---|
tyhicks | “Only kernels with commit b6a2fea39318 (“mm: variable length argument support”, from July 19, 2007) but without commit da029c11e6b1 (“exec: Limit arg stack to at most 75% of _STK_LIM”, from July 7, 2017) are exploitable.” This flaw can only be exploited on systems with greater than 32 GB of RAM |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | linux | < 3.13.0-160.210 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-93.116 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1032.41 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-euclid | < 4.4.0-9029.31 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gcp | < 4.13.0-1002.5 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe | < 4.13.0-26.29~16.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe-edge | < 4.13.0-26.29~16.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-kvm | < 4.4.0-1007.12 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-93.116~14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-raspi2 | < 4.4.0-1071.79 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2018-14634
nvd.nist.gov/vuln/detail/CVE-2018-14634
security-tracker.debian.org/tracker/CVE-2018-14634
ubuntu.com/security/notices/USN-3775-1
ubuntu.com/security/notices/USN-3775-2
ubuntu.com/security/notices/USN-3779-1
www.cve.org/CVERecord?id=CVE-2018-14634
www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt