Mutagen Astronomy: From Discovery to CISA Recognition—A Seven-Year Journey

Qualys TRU revisits CVE-2018-14634 (“Mutagen Astronomy”), a 2018 Linux kernel local privilege escalation affecting major enterprise distributions; the advisory explains the root cause (integer overflow in create_elf_tables when handling many arguments), notes CISA’s recent addition to the Known Exploited Vulnerabilities catalog confirming in-the-wild exploitation, and provides prioritization and remediation guidance for security teams, including patching, updating base images, and verification workflows.