CVE-2018-14634

HIGH KEV

Linux kernel <4.14 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-14634 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 26, 2026. EIP tracks 2 public exploits from researchers including Qualys Corporation, luan0ap.

AI-analyzed exploit summary This exploit leverages a stack-based buffer overflow in the Linux kernel's `execve` system call to achieve local privilege escalation. It manipulates environment variables and command-line arguments to trigger the vulnerability, requiring significant memory resources.

Description

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.

Exploits (2)

exploitdb WORKING POC
by Qualys Corporation · clocallinux_x86-64
https://www.exploit-db.com/exploits/45516

This exploit leverages a stack-based buffer overflow in the Linux kernel's `execve` system call to achieve local privilege escalation. It manipulates environment variables and command-line arguments to trigger the vulnerability, requiring significant memory resources.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux kernel versions before 4.18.1
No auth needed
Prerequisites: System with at least 32GB of RAM · Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by luan0ap · local
https://github.com/luan0ap/cve-2018-14634

This is a proof-of-concept exploit for CVE-2018-14634, a Linux kernel vulnerability affecting versions 2.6.x, 3.10.x, and 4.14.x. The exploit leverages a buffer overflow in the kernel's argument handling to achieve local privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux Kernel versions 2.6.x, 3.10.x, and 4.14.x
No auth needed
Prerequisites: Local access to the targeted system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3540
Patch, Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190204-0002/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2925
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3591
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45516/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3775-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2933
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3779-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2748
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3590
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3775-2/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2763
Third Party Advisory, VDB Entry, Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105407
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2924
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3586
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3643
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2846
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://www.openwall.com/lists/oss-security/2018/09/25/4
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634
Third Party Advisory x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2018-14634
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/07/20/2

Scores

CVSS v3 7.8
EPSS 0.2057
EPSS Percentile 95.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-01-26
VulnCheck KEV 2026-01-26
ENISA EUVD EUVD-2018-6537
CWE
CWE-190
Status published
Products (39)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
f5/big-ip_access_policy_manager 11.2.1 - 11.6.4
f5/big-ip_advanced_firewall_manager 11.2.1 - 11.6.4
f5/big-ip_analytics 11.2.1 - 11.6.4
f5/big-ip_application_acceleration_manager 11.2.1 - 11.6.4
f5/big-ip_application_security_manager 11.2.1 - 11.6.4
f5/big-ip_domain_name_system 11.2.1 - 11.6.4
f5/big-ip_edge_gateway 11.2.1 - 11.6.4
f5/big-ip_fraud_protection_service 11.2.1 - 11.6.4
... and 29 more
Published Sep 25, 2018
KEV Added Jan 26, 2026
Tracked Since Feb 18, 2026