CVE-2018-14634
Linux Kernel Integer Overflow Vulnerability
7.8
HIGH
CVSS 3.1
⚠ KEV | EPSS 20.6%
Description
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
How to fix CVE-2018-14634
To remediate CVE-2018-14634, upgrade the affected package to a fixed version below.
- upgrade to 4.12.6-1 or later
Is CVE-2018-14634 being exploited?
Yes — CVE-2018-14634 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (1)
- from 0, < 4.12.6-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |