CVE-2018-14634 — Linux Kernel Integer Overflow Vulnerability

2026-01-26 • CISA Known Exploited Vulnerability

[event] Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.

> AFFECTED SOFTWARE

Field	Value
Vendor	Linux
Product	Kernel
CWE	CWE-190
CVE ID	CVE-2018-14634
Date Added	2026-01-26
Due Date	2026-02-16
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due Date: 2026-02-16

> REFERENCES

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/
[2] https://www.kernel.org/
[3] https://www.cve.org/CVERecord?id=CVE-2018-14634
[4] https://access.redhat.com/errata/RHSA-2018:3540
[5] https://nvd.nist.gov/vuln/detail/CVE-2018-14634