Blue Goat Cyber logoBlue Goat CyberSMMedical Device Cybersecurity
    K
    Goat Feed · KEV

    CISA KEV: Linux Kernel CVE-2018-14634 - Kernel Integer Overflow Vulnerability

    Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.

    Back to the daily feed
    KEV
    critical

    BGC Risk Score

    Blue Goat Cyber MedTech rubric v1.0 · methodology

    4.2
    of 10
    notable
    CVSS technical
    40% · +1.6

    Not published

    Patient safety
    35% · +0.7

    No direct patient impact inferred

    Exploit maturity
    15% · +1.5

    On CISA KEV (in-the-wild)

    MedTech exposure
    10% · +0.4

    4/10 network-reachable signals

    How we got to 4.2

    1. 1
      CVSS technical severity (40%)

      Industry-standard exploitability + impact score. We prefer CVSS 4.0 and fall back to 3.1 per the FDA's Feb 2026 premarket cybersecurity guidance. Missing CVSS scores get a neutral 4.0 so unknown vulns are not over- or under-rated.

      No CVSS published yet · neutral 4.0 × 40% = +1.60
    2. 2
      Patient safety impact (35%)

      What happens to a patient if this vuln is exploited on a connected device. Auto-inferred from headline, dek, tags, and device class against a curated MedTech keyword library (pacemaker, infusion pump, EHR, PACS, etc.).

      No direct patient impact inferred → 2 × 35% = +0.70
    3. 3
      Exploit maturity (15%)

      Is anyone actually using this in attacks? KEV listing > weaponized exploit > public PoC > none. KEV alone forces tier=critical regardless of CVSS.

      On CISA KEV (in-the-wild) → 10 × 15% = +1.50
    4. 4
      MedTech exposure (10%)

      How likely this affects clinical operations: presence in our MedTech feed (+4 baseline), network-reachable signals (+3), known device-class tags (+2), identified MedTech vendor (+1).

      Exposure 4/10 × 10% = +0.40

    Tier cutoffs: Critical ≥ 8.5 · High 7.0–8.4 · Notable 4.0–6.9 · Info < 4.0. Full methodology, weights, and changelog at /goatfeed/risk-rubric.

    CVE: CVE-2018-14634

    Vendor / product: Linux Kernel

    KEV added: 2026-01-26 · Federal due date: 2026-02-16

    Vulnerability

    Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.

    Required action

    Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Citations
    #kev#cve#linux
    Need help acting on this?

    Talk to Blue Goat Cyber

    Penetration testing, SBOM, threat modeling, and 524B submission support for MedTech.