An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.
2018-09-25T21:29:00.390
2024-11-21T03:49:28.560
Modified
CVSSv3.0: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | ≤ 2.6.39.4 | Yes |
| Operating System | linux | linux_kernel | ≤ 3.10.102 | Yes |
| Operating System | linux | linux_kernel | ≤ 4.14.54 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 6.5 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 6.6 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 6.7 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 7.5 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 6.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 7.6 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Application | netapp | active_iq_performance_analytics_services | - | Yes |