Qualys has disclosed the details of an integer overflow vulnerability in the Linux kernel that can be exploited by a local attacker for privilege escalation. The flaw, dubbed “Mutagen Astronomy,” affects certain versions of the Red Hat, CentOS and Debian distributions.
Tracked as CVE-2018-14634, the flaw exists in the kernel’s create_elf_tables() function. The security hole can be exploited using a SUID binary to escalate privileges to root, but it only works on 64-bit systems.
The vulnerability affects versions of the kernel released between July 19, 2007, and July 7, 2017. While many Linux distributions have backported the commit that addresses the bug, the fix hasn’t been implemented in Red Hat Enterprise Linux, CentOS (which is based on Red Hat), and Debian 8 Jessie.
According to an advisory published by Qualys on Tuesday, the vulnerability was reported to Red Hat on August 31 and to Linux kernel developers on September 18. The cloud-based security and compliance solutions provider has made available both technical details and proof-of-concept (PoC) exploits.
Red Hat, which assigned the flaw an impact rating of “important” and a CVSS score of 7.8 (high severity), has started releasing updates that should address the issue.
“This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw,” Red Hat explained. “Systems with less than 32GB of memory are unlikely to be affected by this issue due to memory demands during exploitation.”
“This issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 will address this issue,” Red Hat said.