CVE-2018-14634

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/07/20/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/105407	Third Party Advisory VDB Entry Broken Link
https://access.redhat.com/errata/RHSA-2018:2748	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2763	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2846	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2924	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2925	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2933	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3540	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3586	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3590	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3591	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3643	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20190204-0002/	Patch Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-14634	Third Party Advisory
https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSS	Third Party Advisory
https://usn.ubuntu.com/3775-1/	Third Party Advisory
https://usn.ubuntu.com/3775-2/	Third Party Advisory
https://usn.ubuntu.com/3779-1/	Third Party Advisory
https://www.exploit-db.com/exploits/45516/	Exploit Third Party Advisory VDB Entry
https://www.openwall.com/lists/oss-security/2018/09/25/4	Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/07/20/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/105407	Third Party Advisory VDB Entry Broken Link
https://access.redhat.com/errata/RHSA-2018:2748	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2763	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2846	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2924	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2925	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2933	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3540	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3586	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3590	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3591	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3643	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634	Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20190204-0002/	Patch Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-14634	Third Party Advisory
https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSS	Third Party Advisory
https://usn.ubuntu.com/3775-1/	Third Party Advisory
https://usn.ubuntu.com/3775-2/	Third Party Advisory
https://usn.ubuntu.com/3779-1/	Third Party Advisory
https://www.exploit-db.com/exploits/45516/	Exploit Third Party Advisory VDB Entry
https://www.openwall.com/lists/oss-security/2018/09/25/4	Exploit Mailing List Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
cpe:2.3:a:f5:big-ip_webaccelerator::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:f5:big-iq_centralized_management::::::::
	cpe:2.3:a:f5:big-iq_centralized_management::::::::
	cpe:2.3:a:f5:big-iq_centralized_management::::::::
	cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:::::::*
	cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:::::::*
	cpe:2.3:a:f5:enterprise_manager:3.1.1:::::::*
	cpe:2.3:a:f5:iworkflow::::::::
	cpe:2.3:a:f5:traffix_signaling_delivery_controller::::::::
	cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 5 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Configuration 7 (hide)

cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*

History

27 Jan 2026, 15:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:::::::*	cpe:2.3:a:f5:big-ip_global_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_link_controller:::::::: cpe:2.3:a:f5:big-iq_centralized_management:::::::: cpe:2.3:a:f5:big-ip_policy_enforcement_manager:::::::: cpe:2.3:a:f5:big-ip_application_acceleration_manager:::::::: cpe:2.3:a:f5:traffix_signaling_delivery_controller:::::::: cpe:2.3:a:netapp:snapprotect:-:::::::* cpe:2.3:a:f5:big-ip_application_security_manager:::::::: cpe:2.3:a:f5:enterprise_manager:3.1.1:::::::* cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:::::::* cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:::::::* cpe:2.3:a:f5:big-ip_access_policy_manager:::::::: cpe:2.3:a:f5:big-ip_fraud_protection_service:::::::: cpe:2.3:a:f5:big-ip_webaccelerator:::::::: cpe:2.3:a:f5:big-ip_local_traffic_manager:::::::: cpe:2.3:a:f5:big-ip_domain_name_system:::::::: cpe:2.3:a:f5:big-ip_edge_gateway:::::::: cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:a:f5:big-ip_advanced_firewall_manager:::::::: cpe:2.3:a:f5:iworkflow:::::::: cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:::::::* cpe:2.3:a:f5:big-ip_analytics::::::::
References	~~() http://www.openwall.com/lists/oss-security/2021/07/20/2 -~~	() http://www.openwall.com/lists/oss-security/2021/07/20/2 - Mailing List, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/105407 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/105407 - Third Party Advisory, VDB Entry, Broken Link
References	~~() https://security.paloaltonetworks.com/CVE-2018-14634 -~~	() https://security.paloaltonetworks.com/CVE-2018-14634 - Third Party Advisory
References	~~() https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSS -~~	() https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSS - Third Party Advisory
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634 - US Government Resource
First Time		Paloaltonetworks Paloaltonetworks pan-os F5 big-ip Application Security Manager F5 big-ip Application Acceleration Manager F5 big-ip Access Policy Manager F5 iworkflow F5 big-ip Fraud Protection Service F5 big-ip Edge Gateway F5 big-iq Centralized Management F5 big-ip Webaccelerator F5 big-ip Advanced Firewall Manager F5 big-ip Policy Enforcement Manager F5 big-ip Link Controller F5 big-ip Analytics F5 big-ip Local Traffic Manager F5 F5 big-iq Cloud And Orchestration F5 traffix Signaling Delivery Controller Netapp snapprotect F5 big-ip Domain Name System F5 enterprise Manager F5 big-ip Global Traffic Manager

26 Jan 2026, 21:15

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634 -

21 Nov 2024, 03:49

Information

Published : 2018-09-25 21:29

Updated : 2026-01-27 15:55

NVD link : CVE-2018-14634

Mitre link : CVE-2018-14634

CVE.ORG link : CVE-2018-14634

JSON object : View

Products Affected

big-ip_application_security_manager
big-ip_domain_name_system
iworkflow
big-ip_global_traffic_manager
big-ip_advanced_firewall_manager
big-ip_access_policy_manager
big-ip_edge_gateway
big-ip_application_acceleration_manager
enterprise_manager
big-ip_webaccelerator
big-iq_cloud_and_orchestration
traffix_signaling_delivery_controller
big-ip_link_controller
big-iq_centralized_management
big-ip_fraud_protection_service
big-ip_local_traffic_manager
big-ip_policy_enforcement_manager
big-ip_analytics

paloaltonetworks

pan-os

redhat

enterprise_linux_workstation
enterprise_linux_server_eus
enterprise_linux_server_aus
enterprise_linux_server_tus
enterprise_linux_desktop
enterprise_linux_server

netapp

snapprotect

canonical

ubuntu_linux

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

7.8 /10