Linux Kernel 'create_elf_tables()' Function Local Integer Overflow Vulnerability

Linux kernel is prone to a local integer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Information

Bugtraq ID: 105407
Class: Boundary Condition Error
CVE: CVE-2018-14634

Remote: No
Local: Yes
Published: Sep 25 2018 12:00AM
Updated: Oct 30 2018 10:00AM
Credit: Qualys Research Labs.
Vulnerable: Redhat Enterprise Mrg 2
Redhat Enterprise Linux 6
Oracle VM Server for x86 3.4
Oracle Linux 6.0
Linux kernel 4.17.3
Linux kernel 4.17.2
Linux kernel 4.17.1
Linux kernel 4.16.11
Linux kernel 4.16.9
Linux kernel 4.16.6
Linux kernel 4.16.3
Linux kernel 4.15.14
Linux kernel 4.15.11
Linux kernel 4.15.9
Linux kernel 4.15.4
Linux kernel 4.14.13
Linux kernel 4.14.11
Linux kernel 4.14.10
Linux kernel 4.14.6
Linux kernel 4.14.5
Linux kernel 4.14.1
Linux kernel 4.13.11
Linux kernel 4.13.10
Linux kernel 4.13.9
Linux kernel 4.13.8
Linux kernel 4.13.7
Linux kernel 4.13.6
Linux kernel 4.13.4
Linux kernel 4.13.3
Linux kernel 4.12.3
Linux kernel 4.12.2
Linux kernel 4.11.9
Linux kernel 4.11.5
Linux kernel 4.11.4
Linux kernel 4.11.3
Linux kernel 4.11.2
Linux kernel 4.11.1
Linux kernel 4.11
Linux kernel 4.10.15
Linux kernel 4.10.13
Linux kernel 4.10.12
Linux kernel 4.10.10
Linux kernel 4.10.6
Linux kernel 4.10.4
Linux kernel 4.10
Linux kernel 4.9.13
Linux kernel 4.9.8
Linux kernel 4.9.4
Linux kernel 4.9.3
Linux kernel 4.7.4
Linux kernel 4.4.30
Linux kernel 4.4.29
Linux kernel 4.4.28
Linux kernel 4.4.27
Linux kernel 4.4.25
Linux kernel 4.4.24
Linux kernel 4.4.23
Linux kernel 4.4.22
Linux kernel 4.4.7
Linux kernel 4.4.2
Linux kernel 4.2.3
Linux kernel 4.1.4
Linux kernel 4.1.1
Linux kernel 4.0.6
Linux kernel 3.19.3
Linux kernel 3.18.22
Linux kernel 3.18.17
Linux kernel 3.18.11
Linux kernel 3.18.8
Linux kernel 3.18.7
Linux kernel 3.18.3
Linux kernel 3.18.2
Linux kernel 3.18.1
Linux kernel 3.17.4
Linux kernel 3.17.2
Linux kernel 3.16.7
Linux kernel 3.16.2
Linux kernel 3.16.1
Linux kernel 3.15.10
Linux kernel 3.15.5
Linux kernel 3.15.2
Linux kernel 3.14.54
Linux kernel 3.14.45
Linux kernel 3.14.37
Linux kernel 3.14.4
Linux kernel 3.14.3
Linux kernel 3.14.2
Linux kernel 3.13.11
Linux kernel 3.13.9
Linux kernel 3.13.3
Linux kernel 3.13.1
Linux kernel 3.12.49
Linux kernel 3.12.48
Linux kernel 3.12.44
Linux kernel 3.12.40
Linux kernel 3.12.21
Linux kernel 3.12.18
Linux kernel 3.12.17
Linux kernel 3.12.16
Linux kernel 3.12.11
Linux kernel 3.12.7
Linux kernel 3.12.4
Linux kernel 3.12.3
Linux kernel 3.12.2
Linux kernel 3.11.3
Linux kernel 3.10.90
Linux kernel 3.10.81
Linux kernel 3.10.73
Linux kernel 3.10.45
Linux kernel 3.10.41
Linux kernel 3.10.38
Linux kernel 3.10.37
Linux kernel 3.10.36
Linux kernel 3.10.30
Linux kernel 3.10.27
Linux kernel 3.10.26
Linux kernel 3.10.23
Linux kernel 3.10.22
Linux kernel 3.10.21
Linux kernel 3.10.14
Linux kernel 3.10.10
Linux kernel 3.10.9
Linux kernel 3.10.7
Linux kernel 3.10
Linux kernel 3.8.9
Linux kernel 3.8.6
Linux kernel 3.8.5
Linux kernel 3.8.4
Linux kernel 3.8.2
Linux kernel 3.8.1
Linux kernel 3.7.10
Linux kernel 3.7.9
Linux kernel 3.7.8
Linux kernel 3.7.7
Linux kernel 3.7.5
Linux kernel 3.7.4
Linux kernel 3.7.3
Linux kernel 3.7.2
Linux kernel 3.7.1
Linux kernel 3.6.11
Linux kernel 3.6.10
Linux kernel 3.6.9
Linux kernel 3.6.8
Linux kernel 3.6.7
Linux kernel 3.6.6
Linux kernel 3.6.5
Linux kernel 3.6.4
Linux kernel 3.6.3
Linux kernel 3.6.2
Linux kernel 3.6.1
Linux kernel 3.5.7
Linux kernel 3.5.6
Linux kernel 3.5.5
Linux kernel 3.5.4
Linux kernel 3.5.3
Linux kernel 3.5.2
Linux kernel 3.5.1
Linux kernel 3.4.88
Linux kernel 3.4.87
Linux kernel 3.4.86
Linux kernel 3.4.80
Linux kernel 3.4.76
Linux kernel 3.4.73
Linux kernel 3.4.72
Linux kernel 3.4.71
Linux kernel 3.4.64
Linux kernel 3.4.58
Linux kernel 3.4.42
Linux kernel 3.4.36
Linux kernel 3.4.32
Linux kernel 3.4.31
Linux kernel 3.4.27
Linux kernel 3.4.26
Linux kernel 3.4.25
Linux kernel 3.4.21
Linux kernel 3.4.20
Linux kernel 3.4.19
Linux kernel 3.4.18
Linux kernel 3.4.17
Linux kernel 3.4.16
Linux kernel 3.4.15
Linux kernel 3.4.14
Linux kernel 3.4.13
Linux kernel 3.4.12
Linux kernel 3.4.11
Linux kernel 3.4.10
Linux kernel 3.4.9
Linux kernel 3.4.8
Linux kernel 3.4.7
Linux kernel 3.4.6
Linux kernel 3.4.5
Linux kernel 3.4.4
Linux kernel 3.4.3
Linux kernel 3.4.2
Linux kernel 3.4.1
Linux kernel 4.9.9
Linux kernel 4.9.11
Linux kernel 4.9
Linux kernel 4.8.7
Linux kernel 4.8.6
Linux kernel 4.8.3
Linux kernel 4.8.13
Linux kernel 4.8.12
Linux kernel 4.8.1
Linux kernel 4.8 rc1
Linux kernel 4.8
Linux kernel 4.7.9
Linux kernel 4.7-rc6
Linux kernel 4.7-rc5
Linux kernel 4.7-rc1
Linux kernel 4.6.3
Linux kernel 4.6.2
Linux kernel 4.6.1
Linux kernel 4.6 rc7
Linux kernel 4.6 rc6
Linux kernel 4.6
Linux kernel 4.5.5
Linux kernel 4.5
Linux kernel 4.4.38
Linux kernel 4.4.26
Linux kernel 4.4.14
Linux kernel 4.4.1
Linux kernel 4.4.0-57
Linux kernel 4.4
Linux kernel 4.3.3
Linux kernel 4.3-rc1
Linux kernel 4.2.8
Linux kernel 4.2
Linux kernel 4.17.4
Linux kernel 4.17.11
Linux kernel 4.17.10
Linux kernel 4.16-rc7
Linux kernel 4.16-rc6
Linux kernel 4.16-rc
Linux kernel 4.16
Linux kernel 4.15.8
Linux kernel 4.15.7
Linux kernel 4.15.16
Linux kernel 4.15-rc5
Linux kernel 4.15
Linux kernel 4.14.8
Linux kernel 4.14.7
Linux kernel 4.14.4
Linux kernel 4.14.3
Linux kernel 4.14.2
Linux kernel 4.14.15
Linux kernel 4.14.14
Linux kernel 4.14
Linux kernel 4.13.5
Linux kernel 4.13.2
Linux kernel 4.13.1
Linux kernel 4.13
Linux kernel 4.12.10
Linux kernel 4.12-rc1
Linux kernel 4.12
Linux kernel 4.11.8
Linux kernel 4.11.7
Linux kernel 4.11
Linux kernel 4.10.9
Linux kernel 4.10.8
Linux kernel 4.10.7
Linux kernel 4.10.5
Linux kernel 4.10.3
Linux kernel 4.10.2
Linux kernel 4.10.11
Linux kernel 4.10.1
Linux kernel 4.10-rc8
Linux kernel 4.10-rc1
Linux kernel 4.1.15
Linux kernel 4.1
Linux kernel 4.0.5
Linux kernel 4.0
Linux kernel 3.9.8
Linux kernel 3.9.4
Linux kernel 3.9-rc7
Linux kernel 3.9
Linux kernel 3.8-rc1
Linux kernel 3.8
Linux kernel 3.7.6
Linux kernel 3.7-rc1
Linux kernel 3.7
Linux kernel 3.6-rc1
Linux kernel 3.6
Linux kernel 3.5
Linux kernel 3.4.93
Linux kernel 3.4.81
Linux kernel 3.4.70
Linux kernel 3.4.67
Linux kernel 3.4.29
Linux kernel 3.4
Linux kernel 3.19
Linux kernel 3.18.9
Linux kernel 3.18
Linux kernel 3.17.6
Linux kernel 3.17
Linux kernel 3.16.6
Linux kernel 3.16.36
Linux kernel 3.16
Linux kernel 3.15-rc3
Linux kernel 3.15-rc2
Linux kernel 3.15-rc1
Linux kernel 3.15
Linux kernel 3.14.79
Linux kernel 3.14.73
Linux kernel 3.14.7
Linux kernel 3.14.5
Linux kernel 3.14-rc7
Linux kernel 3.14-rc4
Linux kernel 3.14-rc3
Linux kernel 3.14-rc2
Linux kernel 3.14-rc1
Linux kernel 3.14-4
Linux kernel 3.14-1
Linux kernel 3.14
Linux kernel 3.13.7
Linux kernel 3.13.6
Linux kernel 3.13.5
Linux kernel 3.13.4
Linux kernel 3.13.0
Linux kernel 3.13-rc1
Linux kernel 3.13
Linux kernel 3.12.22
Linux kernel 3.12.15
Linux kernel 3.12.14
Linux kernel 3.12.12
Linux kernel 3.12.1
Linux kernel 3.12
Linux kernel 3.11.9
Linux kernel 3.11.6
Linux kernel 3.11-rc7
Linux kernel 3.11-rc4
Linux kernel 3.11-rc1
Linux kernel 3.11
Linux kernel 3.10.5
Linux kernel 3.10.43
Linux kernel 3.10.31
Linux kernel 3.10.20
Linux kernel 3.10.17
Linux kernel 3.10-rc5
Linux kernel 3.10

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

Bug 1624498 - (CVE-2018-14634) CVE-2018-14634 kernel: Integer overflow in Linux' (Red Hat Bugzilla)
CVE-2018-14634 (Red Hat Bugzilla)
exec: Limit arg stack to at most 75% of _STK_LIM (Linux)
Integer overflow in Linux's create_elf_tables() (CVE-2018-14634) (Qualys Security Advisory)
Linux kernel Homepage (kernel.org)
mm: variable length argument support (Linux)
Oracle Linux Bulletin - October 2018 (Oracle)
Oracle VM Server for x86 Bulletin - October 2018 (Oracle)

Source: www.securityfocus.com

Exploit Collector

Search Exploit