theinfosecnews

CVE-2018-14634

CISA KEV

Published January 26, 2026 · Updated April 3, 2026

high

What This Means

## CVE-2018-14634: Linux Kernel Integer Overflow in create_elf_tables()

An integer overflow in the Linux Kernel's `create_elf_tables()` function allows unprivileged local users to escalate privileges when executing SUID binaries. An attacker with local access can craft a malicious environment to trigger the overflow, bypass security checks, and gain root or elevated privileges.

**Required actions:** Apply kernel patches immediately. Red Hat released fixes in RHSA-2018:2948 and later advisories. Ubuntu, Debian, and other distributions issued updates in September 2018. Verify SUID binary restrictions where possible and monitor execution logs for exploitation attempts using tools like auditd.

Official Description

Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.

Affected Products

| Vendor | Product |
| --- | --- |
| Linux | Kernel |

Patch Status

Patch by 2026-02-16

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2018-14634.