⚠ Actively exploited
Added to CISA KEV on 2026-01-26. Federal agencies required to patch by 2026-02-16. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2018-14634

CWE-190Integer Overflow16 documents12 sources
Severity
7.8HIGH
EPSS
22.4%
top 4.18%
CISA KEV
KEV
Added 2026-01-26
Due 2026-02-16
Exploit
PoC available
Public exploit / PoC exists
Affected products
28
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+25 more
Timeline
PublishedSep 25
KEV addedJan 26
Latest updateFeb 2
KEV dueFeb 16
CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages25 packages

CVEListV5the_linux_foundation/kernel2.6.x, 3.10.x, 4.14.x
NVDlinux/linux_kernel2.6.02.6.39.4+2
NVDf5/big-ip_domain_name_system11.2.111.6.4+4
NVDf5/big-ip_access_policy_manager11.2.111.6.4+4
NVDf5/big-ip_local_traffic_manager11.2.111.6.4+4

Also affects: Ubuntu Linux 12.04, 14.04, Enterprise Linux 6.5, 6.6, 7.6, 6.7, 7.5

Patches

Patch: security.netapp.comPatch: security.netapp.com

🔴Vulnerability Details

5
GHSA
GHSA-4994-8w6g-9jvw: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function2022-05-13
OSV
linux vulnerabilities2018-10-01
OSV
CVE-2018-14634: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function2018-09-25
CVEList
CVE-2018-14634: An integer overflow flaw was found in the Linux kernel's create_elf_tables() function2018-09-25
VulnCheck
Linux Kernel Integer Overflow Vulnerability2018

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation2018-09-26

📋Vendor Advisories

6
CISA
Linux Kernel Integer Overflow Vulnerability2026-01-26
Ubuntu
Linux kernel vulnerabilities2018-10-02
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-10-01
Ubuntu
Linux kernel vulnerabilities2018-10-01
Red Hat
kernel: Integer overflow in Linux's create_elf_tables function2018-09-25

🕵️Threat Intelligence

2
Qualys
Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey2026-02-02
Qualys
Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEV | Qualys2026-02-02

💬Community

1
Bugzilla
CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function2018-08-31
CVE-2018-14634 (HIGH CVSS 7.8) | An integer overflow flaw was found | cvebase.io