CVSS2: AV:L/AC:L/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

CVSS3: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS Percentile: 9.5%

An integer overflow flaw was found in the Linux kernel’s
create_elf_tables() function. An unprivileged local user with access to a
SUID (or otherwise privileged) binary could use this flaw to escalate their
privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are
believed to be vulnerable.

Author | Note |
---|---|
tyhicks | “Only kernels with commit b6a2fea39318 (“mm: variable length argument support”, from July 19, 2007) but without commit da029c11e6b1 (“exec: Limit arg stack to at most 75% of _STK_LIM”, from July 7, 2017) are exploitable.” This flaw can only be exploited on systems with greater than 32 GB of RAM. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | linux | < 3.13.0-160.210 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-93.116 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1032.41 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-euclid | < 4.4.0-9029.31 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gcp | < 4.13.0-1002.5 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe | < 4.13.0-26.29~16.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe-edge | < 4.13.0-26.29~16.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-kvm | < 4.4.0-1007.12 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-93.116~14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-raspi2 | < 4.4.0-1071.79 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2018-14634
nvd.nist.gov/vuln/detail/CVE-2018-14634
security-tracker.debian.org/tracker/CVE-2018-14634
ubuntu.com/security/notices/USN-3775-1
ubuntu.com/security/notices/USN-3775-2
ubuntu.com/security/notices/USN-3779-1
www.cve.org/CVERecord?id=CVE-2018-14634
www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt