Recent reports have brought to light crucial technical details regarding a critical vulnerability impacting various versions of the Linux kernel. This vulnerability, known as “StackRot” (CVE-2023-3269), can be triggered with minimal capabilities, posing a significant security risk.
Exploiting this flaw enables attackers to compromise the kernel, subsequently granting them the ability to elevate their privileges.
New StackRot Linux kernel flaw
Referred to as StackRot (CVE-2023-3269, CVSS score: 7.8), this vulnerability affects Linux versions 6.1 through 6.4. Currently, there is no evidence of any exploitation of this vulnerability in real-world scenarios.
StackRot results from the Linux kernel’s handling of stack expansion in the memory management subsystem, which is associated with the management of virtual memory areas (VMAs).
This vulnerability arises from a use-after-free (UAF) issue related to the handling of stack expansion. Specifically, the maple tree has the ability to overwrite a node without acquiring the necessary memory management (MM) write lock.
After a responsible disclosure on June 15, 2023, the vulnerability was promptly addressed by Linus Torvalds and his team. Their dedicated two-week effort resulted in the release of stable versions 6.1.37, 6.3.11, and 6.4.1, which effectively patched the issue. These updates were made available as of July 1, 2023.
The vulnerability primarily originates from a data structure known as the maple tree, which was introduced in Linux kernel 6.1. It serves as a substitute for the red-black tree (rbtree) and is responsible for managing and storing virtual memory areas (VMAs).
VMAs represent contiguous ranges of virtual addresses that can encompass file contents on disk or memory utilized by programs during their execution.
Although Linux kernel 6.1 has been designated as a long-term support (LTS) release since February, not all major Linux distributions have incorporated it.
For instance, Ubuntu 22.04.2 LTS (Jammy Jellyfish), which will receive standard support until April 2027, is bundled with version 5.19 of the Linux kernel. Conversely, Debian 12 (Bookworm) includes the Linux 6.1 kernel.
It is advisable for users to verify the kernel version of their Linux distribution and opt for a version that is either unaffected by StackRot or contains the necessary correction.