New StackRot Linux kernel flaw allows privilege escalation

Technical details have emerged about a severe vulnerability affecting multiple Linux kernel versions that can be triggered with “minimal capabilities.” The security issue is being referred to as StackRot (CVE-2023-3269) and can be used to compromise the kernel and elevate privileges.

A patch has been available for the affected stable kernels since July 1st, and full details about the issue, along with a complete exploit code, are expected by the end of the week.

Security researcher Ruihan Li discovered and reported the vulnerability. He explains in a post today that it affects the kernel’s memory management subsystem, a component in charge of implementing virtual memory and demand paging, memory allocation for the kernel’s needs and the user space programs, as well as mapping files into the processes’ address space.

StackRot impacts all kernel configurations on Linux versions 6.1 through 6.4.

Although Li sent the vulnerability report on June 15th, creating a fix took almost two weeks because of its complexity, and Linus Torvalds led the effort.

“On June 28th, during the merge window for Linux kernel 5.5, the fix was merged into Linus’ tree. Linus provided a comprehensive merge message to elucidate the patch series from a technical perspective. These patches were subsequently backported to stable kernels (6.1.37, 6.3.11, and 6.4.1), effectively resolving the “Stack Rot” bug on July 1st,” the researcher clarified.

StackRot details

StackRot arises from the Linux kernel’s handling of stack expansion within its memory management subsystem, tied to managing virtual memory areas (VMAs).

Specifically, the weak spot is in the “maple tree,” a new data structure for VMAs introduced in Linux kernel 6.1 that replaced the “red-black trees” and relies on the read-copy-update (RCU) mechanism.

The vulnerability is a use-after-free (UAF) bug stemming from the way stack expansion was handled, given that the maple tree could replace a node without obtaining the memory management (MM) write lock.

As the Linux kernel expands the stack and removes the gap between VMAs, a new node is created in the “maple tree,” and the old one is marked for deletion after current reads complete, because of the maple tree’s RCU safety.

However, during the RCU grace period, a use-after-free issue may occur when a process accesses the old node, creating an exploitable context for elevating privileges.

Figure: Race condition in a multi-CPU system that leads to a use-after-free flaw (github.com/lrh2000)

Exploit coming

Ruihan Li notes that exploiting StackRot is a challenging task and that CVE-2023-3269 may be the first example of a theoretically exploitable use-after-free-by-RCU (UAFBR) vulnerability.

However, the researcher announced plans to disclose the full technical details about StackRot and a proof-of-concept (PoC) exploit by the end of July.

Linux kernel 6.1 has been approved as the long-term support (LTS) version since February. However, not all major Linux distributions have adopted it.

For example, Ubuntu 22.04.2 LTS (Jammy Jellyfish), whose standard support ends in April 2027, ships with Linux kernel version 5.19. On the other hand, Debian 12 (Bookworm) comes with Linux kernel 6.1.

A complete list of Linux distributions using kernel version 6.1 or higher is available from DistroWatch.

Users should check the kernel version their Linux distro runs on and pick one that isn’t affected by StackRot or an updated release that includes the fix.
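The version check described above, as an added example that is not part of the article or of Ruihan Li’s research: a small POSIX shell function that classifies a kernel release string against the boundaries stated in this article (affected: 6.1 through 6.4; fixed in stable 6.1.37, 6.3.11 and 6.4.1). It assumes that 6.2.x, for which the article lists no patched stable release, should be reported as affected, and the function name, the `KERNEL_RELEASE` override and the sample release strings are constructed for the example.

```sh
#!/bin/sh
# Added example (not the article's or the researcher's code): triage the running
# kernel against StackRot (CVE-2023-3269) using the version boundaries the
# article gives. Affected: 6.1 through 6.4. Fixed in stable 6.1.37, 6.3.11, 6.4.1.
# Assumption: 6.2.x is reported as affected because no fixed 6.2 stable release
# is listed on the page. Caveat: distribution kernels that backport the fix
# without changing the version number are NOT recognised by a version compare,
# so confirm the result against the distribution's own security advisory.

stackrot_status() {
    # $1: release string such as "6.1.37-1-amd64", "6.4.0-rc7", "5.19.0-46-generic".
    # Keep only the leading dotted numeric part (drops -rcN and distro suffixes).
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi

    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then rest="0.0"; fi   # no minor component given
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi    # no patch component given

    # The maple tree VMA storage only arrived in 6.1, so other major versions
    # are outside the affected range described in the article.
    if [ "$major" -ne 6 ]; then
        echo unaffected
        return 0
    fi

    case "$minor" in
        1) if [ "$patch" -ge 37 ]; then echo fixed; else echo affected; fi ;;
        2) echo affected ;;   # assumption: no fixed 6.2 stable release on the page
        3) if [ "$patch" -ge 11 ]; then echo fixed; else echo affected; fi ;;
        4) if [ "$patch" -ge 1 ];  then echo fixed; else echo affected; fi ;;
        *) echo unaffected ;; # 6.0 and earlier, 6.5 and later
    esac
    return 0
}

# Check the running kernel; KERNEL_RELEASE (constructed override) allows
# checking an arbitrary version string without running on that host.
release=${KERNEL_RELEASE:-$(uname -r)}
printf 'kernel %s: %s\n' "$release" "$(stackrot_status "$release")"
```

Run it on the host with `sh` to triage the running kernel, or set `KERNEL_RELEASE` (for instance to a version taken from a fleet inventory) to classify a kernel string offline. A result of `fixed` or `unaffected` from a pure version compare is only a first pass; an `affected` result on a distribution kernel may still be a false positive where the fix was backported under the same version number.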
