CVE-2018-14634
Published: 25 September 2018
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
From the Ubuntu security team
It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges.
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-16.19)
|
cosmic |
Not vulnerable
(4.15.0-20.21)
|
|
precise |
Released
(3.2.0-136.182)
|
|
trusty |
Released
(3.13.0-160.210)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-93.116)
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
cosmic |
Not vulnerable
(4.15.0-1007.7)
|
|
precise |
Does not exist
|
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1032.41)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
cosmic |
Not vulnerable
(4.15.0-1009.9)
|
|
precise |
Does not exist
|
|
trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-1004.4~18.04.1)
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Not vulnerable
(4.15.0-1002.2)
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-9029.31)
|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
cosmic |
Not vulnerable
(4.15.0-1006.6)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.13.0-1002.5)
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(end-of-life)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(end-of-life)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.13.0-26.29~16.04.2)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-11.12~18.04.1)
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.13.0-26.29~16.04.2)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
cosmic |
Not vulnerable
(4.15.0-1008.8)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1007.12)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Released
(3.13.0-160.210~precise1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [out of standard support])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [out of standard support])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [out of standard support])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.4.0-93.116~14.04.1)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.3)
|
cosmic |
Not vulnerable
(4.15.0-1004.5)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Not vulnerable
(4.13.0-1008.9)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-1005.5)
|
cosmic |
Not vulnerable
(4.15.0-1010.11)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1071.79)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
cosmic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1073.78)
|
Notes
Author | Note |
---|---|
tyhicks | "Only kernels with commit b6a2fea39318 ("mm: variable length argument support", from July 19, 2007) but without commit da029c11e6b1 ("exec: Limit arg stack to at most 75% of _STK_LIM", from July 7, 2017) are exploitable." This flaw can only be exploited on systems with greater than 32 GB of RAM |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14634
- https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt
- https://ubuntu.com/security/notices/USN-3775-1
- https://ubuntu.com/security/notices/USN-3775-2
- https://ubuntu.com/security/notices/USN-3779-1
- NVD
- Launchpad
- Debian