Description
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
CISA Known Exploited Vulnerability
Date added 2026-01-26 | Due date 2026-02-16
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Problem types
Product status
References
access.redhat.com/errata/RHSA-2018:3540 (RHSA-2018:3540)
security.netapp.com/advisory/ntap-20190204-0002/
access.redhat.com/errata/RHSA-2018:2925 (RHSA-2018:2925)
access.redhat.com/errata/RHSA-2018:3591 (RHSA-2018:3591)
www.exploit-db.com/exploits/45516/ (45516)
usn.ubuntu.com/3775-1/ (USN-3775-1)
access.redhat.com/errata/RHSA-2018:2933 (RHSA-2018:2933)
usn.ubuntu.com/3779-1/ (USN-3779-1)
access.redhat.com/errata/RHSA-2018:2748 (RHSA-2018:2748)
access.redhat.com/errata/RHSA-2018:3590 (RHSA-2018:3590)
usn.ubuntu.com/3775-2/ (USN-3775-2)
access.redhat.com/errata/RHSA-2018:2763 (RHSA-2018:2763)
www.securityfocus.com/bid/105407 (105407)
access.redhat.com/errata/RHSA-2018:2924 (RHSA-2018:2924)
access.redhat.com/errata/RHSA-2018:3586 (RHSA-2018:3586)
access.redhat.com/errata/RHSA-2018:3643 (RHSA-2018:3643)
access.redhat.com/errata/RHSA-2018:2846 (RHSA-2018:2846)
www.openwall.com/lists/oss-security/2018/09/25/4 ([oss-security] 20180925 Integer overflow in Linux's create_elf_tables() (CVE-2018-14634))
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634
support.f5.com/...?utm_source=f5support&%3Butm_medium=RSS
security.paloaltonetworks.com/CVE-2018-14634
www.openwall.com/lists/oss-security/2021/07/20/2 ([oss-security] 20210720 CVE-2021-33910: Denial of service (stack exhaustion) in systemd (PID 1))
www.cisa.gov/...erabilities-catalog?field_cve=CVE-2018-14634