{"id":"CVE-2018-14634","details":"An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.","modified":"2026-03-12T22:46:01.639801Z","published":"2018-09-25T21:29:00.390Z","related":["SUSE-SU-2018:2879-1","SUSE-SU-2018:2907-1","SUSE-SU-2018:2908-1","SUSE-SU-2018:2908-2","SUSE-SU-2018:3083-1","SUSE-SU-2018:3088-1","SUSE-SU-2018:3171-1","SUSE-SU-2018:3238-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2763"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2846"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3590"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3591"},{"type":"ADVISORY","url":"https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3775-1/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2933"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3540"},{"type":"ADVISORY","url":"https://security.paloaltonetworks.com/CVE-2018-14634"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3779-1/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3586"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3643"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2748"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2924"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2925"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3775-2/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/07/20/2"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/105407"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634"},{"type":"FIX","url":"https://security.netapp.com/advisory/ntap-20190204-0002/"},{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2018/09/25/4"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45516/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"7.1.0"},{"fixed":"7.1.23"}]},{"events":[{"introduced":"8.0.0"},{"fixed":"8.0.16"}]},{"events":[{"introduced":"8.1.0"},{"fixed":"8.1.7"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"11.2.1"},{"fixed":"11.6.4"}]},{"events":[{"introduced":"12.1.0"},{"fixed":"12.1.5"}]},{"events":[{"introduced":"13.0.0"},{"fixed":"13.1.1.5"}]},{"events":[{"introduced":"14.0.0"},{"fixed":"14.0.1.1"}]},{"events":[{"introduced":"14.1.0"},{"fixed":"14.1.0.6"}]},{"events":[{"introduced":"5.0.0"},{"last_affected":"5.4.0"}]},{"events":[{"introduced":"6.0.0"},{"last_affected":"6.0.1"}]},{"events":[{"introduced":"7.0.0"},{"last_affected":"7.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"3.1.1"}]},{"events":[{"introduced":"2.2.0"},{"last_affected":"2.3.0"}]},{"events":[{"introduced":"5.0.0"},{"last_affected":"5.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.0"}]},{"events":[{"introduced":"2.6.0"},{"last_affected":"2.6.39.4"}]},{"events":[{"introduced":"3.10"},{"last_affected":"3.10.102"}]},{"events":[{"introduced":"4.14"},{"last_affected":"4.14.54"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14634.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}