‘Mutagen Astronomy’ Linux kernel vulnerability sighted

From theregister.co.uk

A new Linux kernel vulnerability that can only be locally exploited is nonetheless proving a bit of a nuisance.

CVE-2018-14634 is a local privilege escalation bug in the Linux kernel that creates a means to obtain root (administrator) privileges on a hacked system.

Security researchers at cloud security firm Qualys discovered the vulnerability, which stems from an integer overflow in the Linux kernel’s create_elf_tables() function. It’s not remotely exploitable, thank heavens, but on a vulnerable 64-bit system, a “local attacker can exploit this vulnerability via a SUID-root binary and obtain full root privileges,” Qualys warns.

