CVE-2018-14634
Published: 25 September 2018
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
From the Ubuntu security team
It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges.
Priority
High
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.13.0-16.19)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-93.116)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(3.13.0-160.210)
|
|
|
Patches: Introduced by b6a2fea39318e43fee84fa7b0b90d68bed92d2ba Fixed by da029c11e6b12f321f36dac8771e833b65cec962 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1001.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1032.41)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-1002.2)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1002.2)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(4.11.0-1009.9)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.18.0-1004.4~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(4.15.0-1002.2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-9029.31)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1001.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.13.0-1002.5)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.13.0-26.29~16.04.2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.18.0-11.12~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.13.0-26.29~16.04.2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1002.2)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1007.12)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [out of standard support])
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [out of standard support])
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [out of standard support])
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.4.0-93.116~14.04.1)
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored [abandoned])
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1002.3)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Not vulnerable
(4.13.0-1008.9)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.13.0-1005.5)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1071.79)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.13~rc1)
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1073.78)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Notes
| Author | Note |
|---|---|
| tyhicks | "Only kernels with commit b6a2fea39318 ("mm: variable length argument
support", from July 19, 2007) but without commit da029c11e6b1 ("exec: Limit
arg stack to at most 75% of _STK_LIM", from July 7, 2017) are exploitable."
This flaw can only be exploited on systems with greater than 32 GB of
RAM |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14634
- https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt
- https://ubuntu.com/security/notices/USN-3775-1
- https://ubuntu.com/security/notices/USN-3775-2
- https://ubuntu.com/security/notices/USN-3779-1
- NVD
- Launchpad
- Debian