CVE-2018-14634
high-risk
Published 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
Do I need to act?
22.4% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 · High · LOCAL / LOW complexity
Affected Products (20)
Iworkflow
References (45)
Third Party Advisory
http://www.securityfocus.com/bid/105407
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2748
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2763
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2846
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2924
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2925
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2933
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3540
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3586
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3590
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3591
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3643
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634
Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-14634
Third Party Advisory
https://support.f5.com/csp/article/K20934447?utm_source=f5support&%3Butm_medi...
Third Party Advisory
https://usn.ubuntu.com/3775-1/
Third Party Advisory
https://usn.ubuntu.com/3775-2/
Third Party Advisory
https://usn.ubuntu.com/3779-1/
and 25 more references
69 / 100
high-risk
Severity
24/34 · High
Exploitability
21/34 · High
Exposure
24/34 · High