CVE-2018-14634
In short
A math error in how Linux builds the memory tables for a new program lets a local user who can run a privileged program gain full control of the system.
Technical detail
An integer overflow in the kernel's create_elf_tables() function permits local privilege escalation when an unprivileged user executes a SUID binary. The flaw occurs during ELF table construction and affects kernel versions 2.6.x, 3.10.x, and 4.14.x, allowing an attacker to corrupt memory and escalate to root.
Summary generated and translated by AI from the official description.
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
The Linux Foundation · kernel
Public PoCs found — 3
github: github.com/luan0ap/cve-2018-14634 (★ 8)
cve_reference: www.exploit-db.com/exploits/45516/ (unverified)
exploitdb: www.exploit-db.com/exploits/45516 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://access.redhat.com/errata/RHSA-2018:2748
https://access.redhat.com/errata/RHSA-2018:2763
https://access.redhat.com/errata/RHSA-2018:2846
https://access.redhat.com/errata/RHSA-2018:2924
https://access.redhat.com/errata/RHSA-2018:2925
https://access.redhat.com/errata/RHSA-2018:2933
https://access.redhat.com/errata/RHSA-2018:3540
https://access.redhat.com/errata/RHSA-2018:3586
https://access.redhat.com/errata/RHSA-2018:3590
https://access.redhat.com/errata/RHSA-2018:3591
https://access.redhat.com/errata/RHSA-2018:3643
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634