🟢 CVE-2018-14634

CVE-2018-14634 ("Mutagen Astronomy") is a local privilege escalation vulnerability: an integer overflow in the Linux kernel's create_elf_tables() function that lets an unprivileged local user with access to a SUID (or otherwise privileged) binary gain root. Despite being in CISA KEV, it requires local code execution and cannot be exploited directly from the internet; its value to an attacker is as a post-foothold step.

Risk Level: LOW_RISK
CVSS Score: 7.8
Attack Vector: LOCAL
ATT&CK Tactic: Privilege Escalation
ATT&CK Technique: T1068 — Exploitation for Privilege Escalation
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2018-09-25

Added to CISA KEV: 2026-01-26 (2,680 days between CVE publication and KEV listing)

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2018-14634, also known as "Mutagen Astronomy," is a significant local privilege escalation vulnerability in the Linux kernel [1].

Overview and Impact
  • Vulnerability Type: An integer overflow in the Linux kernel's `create_elf_tables()` function (fs/binfmt_elf.c), the code that lays out argc, argv, envp and the auxiliary vector on the initial stack of a newly executed ELF program [3].
  • Impact: Successful exploitation allows an unprivileged local user to escalate their privileges to root on the target system [7].
  • Scope: The vulnerability affects 64-bit systems; 32-bit systems are not affected as they lack the necessary address space to trigger the flaw [6].
Exploitation Details
  • Method: The attacker executes a SUID (or otherwise privileged) binary with a crafted, very large argument list. While the kernel builds the new process image, the arithmetic in `create_elf_tables()` overflows, corrupting the argc/argv/envp/auxv layout written to the new process's stack, and the exploit turns that corruption into code execution with the binary's privileges. The environment-variable sanitizing that SUID binaries and the dynamic loader perform (against LD_PRELOAD-style overrides of built-in functions) does not help, because the corruption happens inside the kernel before the privileged program ever runs [1].
  • Requirements: Local, unprivileged code execution on a 64-bit host and the ability to execute a SUID-root (or otherwise privileged) binary. No user interaction is needed beyond the attacker running the exploit [3].
  • PoC Availability: Proof-of-concept (PoC) exploit code has been publicly available online since shortly after the vulnerability's disclosure in 2018 (e.g., via Exploit-DB) [5].
Threat Landscape and Status
  • Active Exploitation: While disclosed in 2018, the vulnerability remains relevant. On January 26, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-14634 to its Known Exploited Vulnerabilities (KEV) catalog, indicating that it is being actively exploited in the wild [2].
  • Usage: Threat actors continue to seek out and utilize proven, reliable local privilege escalation paths like this one to further their objectives once they have established an initial foothold on a system [2].
Affected Versions and Mitigation
  • Affected Versions: NVD lists kernel versions 2.6.x, 3.10.x and 4.14.x as affected [4]. The authoritative criterion is the code rather than the version string: a kernel that contains commit `b6a2fea39318` (which, since 2007, lets the argument and environment area grow to a quarter of the stack rlimit) but lacks `da029c11e6b1` (which caps that area at three quarters of _STK_LIM, i.e. 6 MiB, regardless of the rlimit) is affected [7]. Distribution kernels backport fixes without changing the upstream version number, so rely on the distribution advisory for the exact kernel build, or test the behaviour, rather than on `uname -r` alone.
  • Patch Status: Kernel maintainers and downstream distributions (Red Hat, CentOS, Debian) shipped fixes in 2018. Update to a kernel build that includes the fix. Because exploitation needs a privileged binary to execute, removing unnecessary SUID-root binaries shrinks the attack surface in the meantime, but it is not a substitute for patching [1].
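A behavioural check for the commit pair named above, added here as an example for this page; it is not code from Qualys, Red Hat or the kernel. It rests on two facts taken from the fix history rather than from this page: kernels with `b6a2fea39318` limit the argv+envp string area to a quarter of the stack rlimit, so an unlimited stack rlimit lifts that limit entirely, and `da029c11e6b1` adds a hard cap of three quarters of _STK_LIM (6 MiB), past which execve() fails with E2BIG. The probe raises the stack rlimit and executes /bin/true with about 8 MiB of arguments: E2BIG means the cap (the fix or a backport) is present, success means it is absent. The names `probe_payload_bytes`, `classify` and `run_probe` are this example's own, and /bin/true is assumed to exist.

```c
/* arg_cap_probe.c: does this kernel enforce the da029c11e6b1 argument-area cap?
 * Added example, not kernel or vendor code. Assumes (from the fix history):
 *  - with b6a2fea39318, argv+envp strings may use up to RLIMIT_STACK/4;
 *  - with da029c11e6b1, they are also capped at _STK_LIM*3/4 = 6 MiB, E2BIG beyond. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_CAPPED = 0, PROBE_UNCAPPED = 1, PROBE_INCONCLUSIVE = 2 };

/* Each string stays under MAX_ARG_STRLEN (32 pages = 128 KiB on 4 KiB pages),
 * so the per-string check can never be the one that fires. */
#define ARG_LEN       (100u * 1024u)
#define ARG_COUNT     80u                 /* 80 x ~100 KiB = 8000 KiB > 6 MiB cap */
#define ARG_CAP_BYTES (6u * 1024u * 1024u)

static const char *const TARGET = "/bin/true";   /* assumed to exist */

/* Bytes of argv string data handed to execve, NUL terminators included. */
size_t probe_payload_bytes(void)
{
    return (size_t)ARG_COUNT * (ARG_LEN + 1);
}

const char *probe_result_name(enum probe_result r)
{
    switch (r) {
    case PROBE_CAPPED:   return "capped";
    case PROBE_UNCAPPED: return "uncapped";
    default:             return "inconclusive";
    }
}

/* had_errno: child reported a failed execve with exec_errno; otherwise status
 * is the wait status of the target that execve successfully started. */
enum probe_result classify(int exec_errno, int had_errno, int status)
{
    if (had_errno)
        return exec_errno == E2BIG ? PROBE_CAPPED : PROBE_INCONCLUSIVE;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return PROBE_UNCAPPED;
    return PROBE_INCONCLUSIVE;
}

enum probe_result run_probe(void)
{
    struct rlimit unlimited = { RLIM_INFINITY, RLIM_INFINITY };
    int pipefd[2], err = 0, status = 0;
    ssize_t n;
    pid_t pid;

    /* Without an unlimited stack rlimit the old rlimit/4 rule would also reject
     * 8 MiB of arguments and E2BIG would prove nothing. Raising the hard limit
     * needs CAP_SYS_RESOURCE or an already-unlimited hard limit (often not the
     * case in containers), so fail closed to "inconclusive". */
    if (setrlimit(RLIMIT_STACK, &unlimited) != 0)
        return PROBE_INCONCLUSIVE;
    if (access(TARGET, X_OK) != 0 || pipe(pipefd) != 0)
        return PROBE_INCONCLUSIVE;
    fcntl(pipefd[0], F_SETFD, FD_CLOEXEC);   /* a successful exec closes the pipe, */
    fcntl(pipefd[1], F_SETFD, FD_CLOEXEC);   /* so the parent reads EOF instead of an errno */

    pid = fork();
    if (pid < 0) {
        close(pipefd[0]); close(pipefd[1]);
        return PROBE_INCONCLUSIVE;
    }
    if (pid == 0) {
        char *big = malloc(ARG_LEN + 1), *argv[ARG_COUNT + 2], *envp[] = { NULL };
        unsigned i;
        if (!big) _exit(127);
        memset(big, 'A', ARG_LEN);
        big[ARG_LEN] = '\0';
        argv[0] = (char *)TARGET;
        for (i = 1; i <= ARG_COUNT; i++)
            argv[i] = big;                    /* same buffer; the kernel copies each */
        argv[ARG_COUNT + 1] = NULL;
        execve(TARGET, argv, envp);
        err = errno;                          /* only reached if execve failed */
        if (write(pipefd[1], &err, sizeof err) < 0) _exit(126);
        _exit(127);
    }
    close(pipefd[1]);
    n = read(pipefd[0], &err, sizeof err);
    close(pipefd[0]);
    waitpid(pid, &status, 0);
    return classify(err, n == (ssize_t)sizeof err, status);
}

int main(void)
{
    enum probe_result r = run_probe();
    printf("argument-area cap: %s (payload %zu bytes, cap %u bytes)\n",
           probe_result_name(r), probe_payload_bytes(), ARG_CAP_BYTES);
    if (r == PROBE_UNCAPPED)
        printf("kernel lacks the da029c11e6b1 cap; on a 64-bit host treat it as a CVE-2018-14634 candidate\n");
    return r == PROBE_INCONCLUSIVE ? 2 : 0;
}
```

Build with `cc -o arg_cap_probe arg_cap_probe.c` and run as root or as a user whose stack hard limit is already unlimited; otherwise the probe reports "inconclusive" rather than guessing. "Capped" shows the fix commit or a backport of it is present, which is a stronger signal than the version string, since vendor kernels backport fixes without changing `uname -r`. "Uncapped" on a 64-bit host is exactly the affected-version criterion above and should be confirmed against the distribution's advisory for that kernel build before it is reported as CVE-2018-14634.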

Sources

  1. Mutagen Astronomy - Local privilege escalation - CVE-2018-14634

    This issue has been assigned CVE-2018-14634 and has a security impact of Important Background information Mutagen Astronomy is the codename for a local user privilege escalation flaw. Setuid binaries usually sanitize or clear environment variables which can be used to override built-in functions wit…

  2. Mutagen Astronomy: A Linux Vulnerability’s Path to CISA KEV | Qualys

    For Qualys customers, this signal arrived earlier. Our Qualys Detection Score (QDS) rated CVE-2018-14634 at 88 out of 100 starting in 2022—flagging it as a high-priority target based on threat intelligence, exploit availability, and real-world risk indicators. Today, that score has risen to 95, refl…

  3. CVE-2018-14634 Detail - NVD

    An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) ...

  4. NVD - CVE-2018-14634

    CVE-2018-14634 Detail Description An integer overflow flaw was found in the Linux kernel's create_elf_tables () function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and…

  5. Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64 ...

    Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation. CVE-2018-14634 . local exploit for Linux_x86-64 platform…

  6. CVE-2018-14634 - Red Hat Customer Portal

    This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw.

  7. Integer Overflow in create_elf_tables() : CVE–2018-14634 – Qualys...

    An Integer overflow vulnerability has been disclosed by Qualys Research Labs. The vulnerability is assigned CVE-2018-14634. The issue affects kernels with commit b6a2fea39318 without da029c11e6b1. Red Hat Enterprise Linux and CentOS are vulnerable. Upon successful exploitation a local attacker can g…