Cyber Resilience

CVE-2018-14634

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 25 September 2018

Published
25 September 2018
Modified
27 January 2026
KEV Added
26 January 2026
Patch
CVSS Score v3 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.2057 95.7th percentile
Risk Priority 48 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-14634 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in F5 Big-Ip Access Policy Manager. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 4.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function, tracked as CVE-2018-14634 and CWE-190. The issue affects kernel versions 2.6.x, 3.10.x, and 4.14.x and carries a CVSS 3.0 base score of 7.8.

An unprivileged local user with access to an SUID binary or other privileged executable can exploit the flaw to escalate privileges on the affected system. The attack requires local access but no user interaction and results in full compromise of confidentiality, integrity, and availability.

Red Hat has published errata RHSA-2018:2748, RHSA-2018:2763, and RHSA-2018:2846 that provide updated kernels; additional details appear in the referenced Openwall and SecurityFocus entries. No information on observed in-the-wild exploitation is supplied in the source data.

EU & UK References

Vulnerability details

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and…

more

4.14.x are believed to be vulnerable.

CWE(s)
KEV Date Added
26 January 2026

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

paloaltonetworks
pan-os
7.1.0 — 7.1.23 · 8.0.0 — 8.0.16 · 8.1.0 — 8.1.7
f5
big-ip access policy manager
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip advanced firewall manager
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip analytics
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip application acceleration manager
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip application security manager
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip domain name system
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip edge gateway
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip fraud protection service
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
f5
big-ip global traffic manager
11.2.1 — 11.6.4 · 12.1.0 — 12.1.5 · 13.0.0 — 13.1.1.5
+18 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires installation of the vendor kernel patches (RHSA-2018:2748 etc.) that eliminate the integer-overflow flaw in create_elf_tables().

prevent

Enforces least-privilege execution so that only the minimal set of users may invoke SUID binaries that trigger the vulnerable code path.

prevent

Restricts the system to the least functionality by removing or disabling unnecessary SUID binaries that an unprivileged user could otherwise abuse.

References