CVE-2018-14634

Confirmed PUBLISHED

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise...

The Linux Foundation · kernel

1 day faster than CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 14.8%

At a Glance

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

cisa linux
CVE Published
Sep 25, 2018
Exploitation Reported
Jun 01, 2026
CVSS
7.8 High
EPSS
14.8%
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
The Linux Foundation
kernel

2.6.x, 3.10.x, 4.14.x

Affected

CVE References

  • RHSA-2018:3540 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2018:3540
  • RHSA-2018:2925 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2018:2925
  • RHSA-2018:3591 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2018:3591
  • USN-3775-1 usn.ubuntu.com · Vendor Advisory https://usn.ubuntu.com/3775-1/
  • RHSA-2018:2933 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2018:2933
Show 17 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.