VIR Vulnerability Intelligence Relay

CVE-2018-14634

unknown KEV
Published 2026-01-26 ยท Modified 2026-01-26
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
2.5

Description

Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.

CISA KEV

Vendor
Linux
Product
Kernel
Due date
2026-02-16

Predictions

Exploit likelihood
99%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27
{Vendor advisory: cisa-kev โ€” This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/ ; https://www.kernel.org/ ; https://www.cve.org/CVERecord?id=CVE-2018-14634 ; https://access.redhat.com/errata/RHSA-2018:3540 ; https://nvd.nist.gov/vuln/detail/CVE-2018-14634}

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-45516 local linux_x86-64
Qualys Corporation ยท 2018-09-26

Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation

Source code queued for fetch โ€” refresh in a moment.

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
โ€” Affected โ€”
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 4.12.6-1
sid Fixed 4.12.6-1
forky Fixed 4.12.6-1
bullseye Fixed 4.12.6-1
bookworm Fixed 4.12.6-1

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.