CVE-2018-14634
Published: 25 September 2018
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
From the Ubuntu Security Team
It was discovered that an integer overflow vulnerability existed in the Linux kernel when loading an executable to run. A local attacker could use this to gain administrative privileges.
Notes
Author | Note |
---|---|
tyhicks | "Only kernels with commit b6a2fea39318 ("mm: variable length argument support", from July 19, 2007) but without commit da029c11e6b1 ("exec: Limit arg stack to at most 75% of _STK_LIM", from July 7, 2017) are exploitable." This flaw can only be exploited on systems with greater than 32 GB of RAM |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
cosmic |
Not vulnerable
(4.15.0-20.21)
|
bionic |
Not vulnerable
(4.13.0-16.19)
|
|
trusty |
Released
(3.13.0-160.210)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-93.116)
|
|
Patches: Introduced by b6a2fea39318e43fee84fa7b0b90d68bed92d2ba |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
cosmic |
Not vulnerable
(4.15.0-1007.7)
|
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1032.41)
|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
cosmic |
Not vulnerable
(4.15.0-1009.9)
|
|
trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-1004.4~18.04.1)
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Not vulnerable
(4.15.0-1002.2)
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-9029.31)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
cosmic |
Not vulnerable
(4.15.0-1006.6)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.13.0-1002.5)
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(end of life)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.13.0-26.29~16.04.2)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-11.12~18.04.1)
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.13.0-26.29~16.04.2)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
cosmic |
Not vulnerable
(4.15.0-1008.8)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1007.12)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Released
(4.4.0-93.116~14.04.1)
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.3)
|
cosmic |
Not vulnerable
(4.15.0-1004.5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Not vulnerable
(4.13.0-1008.9)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-1005.5)
|
cosmic |
Not vulnerable
(4.15.0-1010.11)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1071.79)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.13~rc1)
|
|
xenial |
Released
(4.4.0-1073.78)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14634
- https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt
- https://ubuntu.com/security/notices/USN-3775-1
- https://ubuntu.com/security/notices/USN-3775-2
- https://ubuntu.com/security/notices/USN-3779-1
- NVD
- Launchpad
- Debian