CVE-2018-14634
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
Se ha encontrado un error de desbordamiento de enteros en la función create_elf_tables() del kernel de Linux. Un usuario local sin privilegios con acceso al binario SUID (o a otro privilegiado) podría emplear este error para escalar sus privilegios en el sistema. Se cree que las versiones 2.6.x, 3.10.x y 4.14.x del kernel se han visto afectadas.
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-27 CVE Reserved
- 2018-09-25 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (25)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/07/20/2 | Mailing List | |
http://www.securityfocus.com/bid/105407 | Third Party Advisory | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634 | Issue Tracking | |
https://security.paloaltonetworks.com/CVE-2018-14634 | X_refsource_confirm | |
https://support.f5.com/csp/article/K20934447?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/45516 | 2024-08-05 | |
https://www.openwall.com/lists/oss-security/2018/09/25/4 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://security.netapp.com/advisory/ntap-20190204-0002 | 2023-02-13 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2748 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:2763 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:2846 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:2924 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:2925 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:2933 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:3540 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:3586 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:3590 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:3591 | 2023-02-13 | |
https://access.redhat.com/errata/RHSA-2018:3643 | 2023-02-13 | |
https://usn.ubuntu.com/3775-1 | 2023-02-13 | |
https://usn.ubuntu.com/3775-2 | 2023-02-13 | |
https://usn.ubuntu.com/3779-1 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2018-14634 | 2018-11-20 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1624498 | 2018-11-20 | |
https://access.redhat.com/security/vulnerabilities/mutagen-astronomy | 2018-11-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.0 <= 2.6.39.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.0 <= 2.6.39.4" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.10.0 <= 3.10.102 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10.0 <= 3.10.102" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.14.0 <= 4.14.54 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.0 <= 4.14.54" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.7 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Netapp Search vendor "Netapp" | Active Iq Performance Analytics Services Search vendor "Netapp" for product "Active Iq Performance Analytics Services" | - | - |
Affected
|