Researchers Uncover New Linux Kernel ‘StackRot’ Privilege Escalation Vulnerability

Researchers Uncover New Linux Kernel ‘StackRot’ Privilege Escalation Vulnerability

Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host.

Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.

“As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger,” Peking University security researcher Ruihan Li said.

Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds.

A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.

The flaw is essentially rooted in a data structure called maple tree, which was introduced in Linux kernel 6.1 as a replacement for red-black tree (rbtree) to manage and store virtual memory areas (VMAs), a contiguous range of virtual addresses that could be the contents of a file on disk or the memory a program uses during execution.

Specifically, it’s described as a use-after-free bug that could be exploited by a local user to compromise the kernel and escalate their privileges by taking advantage of the fact that the maple tree “can undergo node replacement without properly acquiring the MM write lock.”