
New Linux Kernel Security Flaw Could Allow Attackers to Gain Root Access
Details have emerged about a recently discovered security flaw in the Linux kernel that could allow users to gain elevated privileges on a target system.
Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild.
Peking University security researcher Ruihan Li said in a statement:
As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger. However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.
Following responsible disclosure on June 15, 2023, the flaw was addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds.
By the end of the month, a proof-of-concept (PoC) exploit and more technical details regarding the flaw are anticipated to be made available.
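A defender's first question is whether a given host runs one of the affected releases. The following POSIX shell function is an added example, not code from the article or the kernel project: it classifies a kernel version string against the ranges the article states (affected: 6.1 through 6.4; fixed in 6.1.37, 6.3.11 and 6.4.1). It assumes that 6.2.x has no fixed stable release (the article names none) and so treats every 6.2.x as unpatched; the function name `stackrot_status` and the sample version strings are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the article): classify a kernel version string
# against the StackRot (CVE-2023-3269) ranges the article states.
#   affected:  6.1 through 6.4
#   fixed in:  6.1.37, 6.3.11, 6.4.1
# Assumption: 6.2.x is treated as unpatched because the article names no
# fixed 6.2 release.

# Prints one of: vulnerable, patched, unaffected, unknown.
# Accepts strings in the form `uname -r` produces, e.g. 6.1.36-1-amd64.
stackrot_status() {
    # Keep only the leading numeric dotted prefix ("6.1.36-1-amd64" -> "6.1.36").
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    case "$v" in
        [0-9]*.[0-9]*) ;;                 # looks like MAJOR.MINOR[.PATCH]
        *) printf 'unknown\n'; return 0 ;;
    esac
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    patch=$(printf '%s' "$v" | cut -d. -f3)
    [ -n "$patch" ] || patch=0            # "6.4" means 6.4.0

    # Outside the 6.1 .. 6.4 series the article lists nothing.
    if [ "$major" -ne 6 ] || [ "$minor" -lt 1 ] || [ "$minor" -gt 4 ]; then
        printf 'unaffected\n'; return 0
    fi

    # First fixed patch level per affected series; empty means "no fix named".
    case "$minor" in
        1) fixed=37 ;;
        2) fixed=   ;;   # assumption: no fixed 6.2.x release on the page
        3) fixed=11 ;;
        4) fixed=1  ;;
    esac

    if [ -n "$fixed" ] && [ "$patch" -ge "$fixed" ]; then
        printf 'patched\n'
    else
        printf 'vulnerable\n'
    fi
    return 0
}

# Stand-alone use: pass a version as the first argument, or default to
# the running kernel.
stackrot_status "${1:-$(uname -r)}"
```

The version-string check is only a first pass: distribution kernels routinely carry backported fixes without changing the upstream version number, so a `vulnerable` result should be read as "confirm against the vendor's advisory for this CVE", not as proof that the host is exploitable.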
Virtual memory areas (VMAs) are contiguous ranges of virtual addresses that can hold the contents of a file on disk or the memory a program uses during execution. They are managed and stored by a data structure called the maple tree, which was introduced in Linux kernel 6.1 as a replacement for the red-black tree (rbtree).
According to the description, the maple tree “can undergo node replacement without properly acquiring the MM write lock,” which leads to a use-after-free bug that a local user could exploit to compromise the kernel and escalate their privileges.
Torvalds added: “Anyway, I think I want to actually move all the stack expansion code to a whole new file of its own, rather than have it split up between mm/mmap.c and mm/memory.c, but since this will have to be backported to the initial maple tree VMA introduction anyway, I tried to keep the patches _fairly_ minimal.”