CVE-2018-14634

Name: CVE-2018-14634
Creator: NVD / NIST
Published: 2018-09-25T21:29:00.39+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownActively ExploitedEPSS 14.81%

Last modified Jun 17, 2026

CVE-2018-14634 is a vulnerability of currently unknown severity. An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. CISA has confirmed active exploitation in the wild. EPSS estimates a 14.81% chance of exploitation in the next 30 days.

Description

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

Metrics

EPSS Probability

14.81%

96.3th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Feb 16, 2026.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Paloaltonetworks	Pan-Os	>= 7.1.0, < 7.1.23
Paloaltonetworks	Pan-Os	>= 8.0.0, < 8.0.16
Paloaltonetworks	Pan-Os	>= 8.1.0, < 8.1.7
F5	Big-Ip Access Policy Manager	>= 11.2.1, < 11.6.4
F5	Big-Ip Access Policy Manager	>= 12.1.0, < 12.1.5
F5	Big-Ip Access Policy Manager	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Access Policy Manager	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Access Policy Manager	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Advanced Firewall Manager	>= 11.2.1, < 11.6.4
F5	Big-Ip Advanced Firewall Manager	>= 12.1.0, < 12.1.5
F5	Big-Ip Advanced Firewall Manager	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Advanced Firewall Manager	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Advanced Firewall Manager	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Analytics	>= 11.2.1, < 11.6.4
F5	Big-Ip Analytics	>= 12.1.0, < 12.1.5
F5	Big-Ip Analytics	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Analytics	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Analytics	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Application Acceleration Manager	>= 11.2.1, < 11.6.4
F5	Big-Ip Application Acceleration Manager	>= 12.1.0, < 12.1.5
F5	Big-Ip Application Acceleration Manager	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Application Acceleration Manager	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Application Acceleration Manager	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Application Security Manager	>= 11.2.1, < 11.6.4
F5	Big-Ip Application Security Manager	>= 12.1.0, < 12.1.5
F5	Big-Ip Application Security Manager	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Application Security Manager	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Application Security Manager	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Domain Name System	>= 11.2.1, < 11.6.4
F5	Big-Ip Domain Name System	>= 12.1.0, < 12.1.5
F5	Big-Ip Domain Name System	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Domain Name System	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Domain Name System	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Edge Gateway	>= 11.2.1, < 11.6.4
F5	Big-Ip Edge Gateway	>= 12.1.0, < 12.1.5
F5	Big-Ip Edge Gateway	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Edge Gateway	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Edge Gateway	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Fraud Protection Service	>= 11.2.1, < 11.6.4
F5	Big-Ip Fraud Protection Service	>= 12.1.0, < 12.1.5
F5	Big-Ip Fraud Protection Service	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Fraud Protection Service	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Fraud Protection Service	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Global Traffic Manager	>= 11.2.1, < 11.6.4
F5	Big-Ip Global Traffic Manager	>= 12.1.0, < 12.1.5
F5	Big-Ip Global Traffic Manager	>= 13.0.0, < 13.1.1.5
F5	Big-Ip Global Traffic Manager	>= 14.0.0, < 14.0.1.1
F5	Big-Ip Global Traffic Manager	>= 14.1.0, < 14.1.0.6
F5	Big-Ip Link Controller	>= 11.2.1, < 11.6.4
F5	Big-Ip Link Controller	>= 12.1.0, < 12.1.5

Showing 50 of 97 affected configurations. See NVD for the full list.

References

http://www.openwall.com/lists/oss-security/2021/07/20/2Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/105407Broken Link, Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:2748Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2763Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2846Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2924Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2925Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2933Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3540Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3586Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3590Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3591Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3643Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634Issue Tracking, Third Party Advisory
https://security.netapp.com/advisory/ntap-20190204-0002/Patch, Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-14634Third Party Advisory
https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSSThird Party Advisory
https://usn.ubuntu.com/3775-1/Third Party Advisory
https://usn.ubuntu.com/3775-2/Third Party Advisory
https://usn.ubuntu.com/3779-1/Third Party Advisory
https://www.exploit-db.com/exploits/45516/Exploit, Third Party Advisory, VDB Entry
https://www.openwall.com/lists/oss-security/2018/09/25/4Exploit, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/07/20/2Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/105407Broken Link, Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:2748Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2763Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2846Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2924Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2925Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2933Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3540Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3586Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3590Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3591Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3643Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634Issue Tracking, Third Party Advisory
https://security.netapp.com/advisory/ntap-20190204-0002/Patch, Third Party Advisory
https://security.paloaltonetworks.com/CVE-2018-14634Third Party Advisory
https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSSThird Party Advisory
https://usn.ubuntu.com/3775-1/Third Party Advisory
https://usn.ubuntu.com/3775-2/Third Party Advisory
https://usn.ubuntu.com/3779-1/Third Party Advisory
https://www.exploit-db.com/exploits/45516/Exploit, Third Party Advisory, VDB Entry
https://www.openwall.com/lists/oss-security/2018/09/25/4Exploit, Mailing List, Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634US Government Resource

Timeline

Published: Sep 25, 2018
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2018-14634?

How severe is CVE-2018-14634?

Severity scoring for CVE-2018-14634 is pending analysis. The EPSS model estimates a 14.81% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2018-14634?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-14634?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST