CVE-2018-14634

HIGH

Description

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

References

http://www.securityfocus.com/bid/105407

https://access.redhat.com/errata/RHSA-2018:2748

https://access.redhat.com/errata/RHSA-2018:2763

https://access.redhat.com/errata/RHSA-2018:2846

https://access.redhat.com/errata/RHSA-2018:2924

https://access.redhat.com/errata/RHSA-2018:2925

https://access.redhat.com/errata/RHSA-2018:2933

https://access.redhat.com/errata/RHSA-2018:3540

https://access.redhat.com/errata/RHSA-2018:3586

https://access.redhat.com/errata/RHSA-2018:3590

https://access.redhat.com/errata/RHSA-2018:3591

https://access.redhat.com/errata/RHSA-2018:3643

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634

https://security.netapp.com/advisory/ntap-20190204-0002/

https://securityadvisories.paloaltonetworks.com/Home/Detail/143

https://usn.ubuntu.com/3775-1/

https://usn.ubuntu.com/3775-2/

https://usn.ubuntu.com/3779-1/

https://www.exploit-db.com/exploits/45516/

https://www.openwall.com/lists/oss-security/2018/09/25/4

Details

Source: MITRE

Published: 2018-09-25

Updated: 2019-03-21

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 2.6.0 to 2.6.39.4 (inclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 3.10.0 to 3.10.102 (inclusive)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 4.14.0 to 4.14.54 (inclusive)

ID	Name	Product	Family	Severity
127408	NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0143)	Nessus	NewStart CGSL Local Security Checks	critical
127233	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0049)	Nessus	NewStart CGSL Local Security Checks	high
127202	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0034)	Nessus	NewStart CGSL Local Security Checks	high
125101	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1513)	Nessus	Huawei Local Security Checks	critical
124833	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1511)	Nessus	Huawei Local Security Checks	high
123136	F5 Networks BIG-IP : Linux kernel vulnerability (K20934447)	Nessus	F5 Networks Local Security Checks	high
123079	Palo Alto Networks < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Integer Overflow Vulnerability (PAN-SA-2019-0006)	Nessus	Palo Alto Local Security Checks	high
122611	Virtuozzo 7 : OVMF / anaconda / anaconda-core / anaconda-dracut / etc (VZA-2019-013)	Nessus	Virtuozzo Local Security Checks	high
121098	Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-075)	Nessus	Virtuozzo Local Security Checks	high
121097	Virtuozzo 7 : readykernel-patch (VZA-2018-072)	Nessus	Virtuozzo Local Security Checks	high
121068	Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)	Nessus	Junos Local Security Checks	high
119899	EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1410)	Nessus	Huawei Local Security Checks	high
119112	RHEL 6 : MRG (RHSA-2018:3586)	Nessus	Red Hat Local Security Checks	high
119075	RHEL 6 : kernel (RHSA-2018:3643)	Nessus	Red Hat Local Security Checks	high
119059	EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1368)	Nessus	Huawei Local Security Checks	high
118948	RHEL 7 : kernel (RHSA-2018:3591)	Nessus	Red Hat Local Security Checks	high
118947	RHEL 7 : kernel (RHSA-2018:3590)	Nessus	Red Hat Local Security Checks	high
118946	RHEL 7 : kernel (RHSA-2018:3540)	Nessus	Red Hat Local Security Checks	high
118756	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1362)	Nessus	Huawei Local Security Checks	high
118743	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1360)	Nessus	Huawei Local Security Checks	high
118439	EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1351)	Nessus	Huawei Local Security Checks	high
118223	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3238-1)	Nessus	SuSE Local Security Checks	high
118173	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3171-1)	Nessus	SuSE Local Security Checks	high
118165	RHEL 6 : kernel (RHSA-2018:2933)	Nessus	Red Hat Local Security Checks	high
118164	RHEL 6 : kernel (RHSA-2018:2925)	Nessus	Red Hat Local Security Checks	high
118163	RHEL 6 : kernel (RHSA-2018:2924)	Nessus	Red Hat Local Security Checks	high
118107	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4250)	Nessus	Oracle Linux Local Security Checks	high
118057	Scientific Linux Security Update : kernel on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
118055	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4245) (Foreshadow)	Nessus	Oracle Linux Local Security Checks	high
118042	Amazon Linux 2 : kernel (ALAS-2018-1087)	Nessus	Amazon Linux Local Security Checks	high
118033	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3083-1)	Nessus	SuSE Local Security Checks	high
118028	RHEL 6 : kernel (RHSA-2018:2846)	Nessus	Red Hat Local Security Checks	high
118025	Oracle Linux 6 : kernel (ELSA-2018-2846)	Nessus	Oracle Linux Local Security Checks	high
118018	CentOS 6 : kernel (CESA-2018:2846)	Nessus	CentOS Local Security Checks	high
117924	Amazon Linux AMI : kernel (ALAS-2018-1087)	Nessus	Amazon Linux Local Security Checks	high
117869	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3775-1)	Nessus	Ubuntu Local Security Checks	high
117849	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4234)	Nessus	Oracle Linux Local Security Checks	high
117848	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4233)	Nessus	Oracle Linux Local Security Checks	high
117847	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4230)	Nessus	Oracle Linux Local Security Checks	high
117846	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0261)	Nessus	OracleVM Local Security Checks	high
117829	CentOS 7 : kernel (CESA-2018:2748)	Nessus	CentOS Local Security Checks	high
117824	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)	Nessus	SuSE Local Security Checks	high
117823	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2907-1)	Nessus	SuSE Local Security Checks	high
117820	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2879-1)	Nessus	SuSE Local Security Checks	high
117787	Scientific Linux Security Update : kernel on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
117776	RHEL 7 : kernel-rt (RHSA-2018:2763)	Nessus	Red Hat Local Security Checks	high
117773	RHEL 7 : kernel (RHSA-2018:2748)	Nessus	Red Hat Local Security Checks	high
117765	Oracle Linux 7 : kernel (ELSA-2018-2748)	Nessus	Oracle Linux Local Security Checks	high