A security flaw known as "StackRot" (CVE-2023-3269) has been uncovered in the Linux kernel. It allows a local attacker to gain kernel-level access and escalate their privileges. The vulnerability affects Linux kernel versions 6.1 through 6.4.
The stack is the memory region that holds local variables and function-call frames and is managed on a last-in-first-out (LIFO) basis. StackRot sits in the kernel code that expands a process's stack mapping on demand when the stack grows past its current bounds.
The bug lives in the kernel's memory management subsystem, affects almost all kernel configurations, and can be triggered with minimal capabilities. Exploiting it, however, is another matter: it is a use-after-free, and turning it into a working exploit requires a detailed understanding of kernel memory management and of use-after-free techniques.
The vulnerability arises in the maple tree, the data structure that manages virtual memory areas (VMAs). The maple tree is a B-tree variant optimised for storing non-overlapping ranges and is composed of maple nodes. Stack expansion can replace a maple node while holding only the mmap read lock rather than the MM write lock. Other code walking the tree under the read lock assumes the tree cannot change underneath it, so once the old node is freed that code is left with a dangling reference: a use-after-free.
StackRot has been present since Linux 6.1, when the VMA tree was switched from a red-black tree to a maple tree. Exploitation is considered difficult because maple nodes are freed through RCU (Read-Copy Update) callbacks: the memory is not reclaimed until an RCU grace period has elapsed, so the dangling reference only becomes usable after that delay, which makes the timing hard to control.
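To make the locking argument above concrete, here is an added example in C (written for this page, not the kernel's maple-tree code and not from the advisory). It is a single-threaded userspace model: `struct vma_node`, `struct mm_model`, `expand_stack`, `race_stack_expansion` and `rcu_walker_is_protected` are hypothetical simplifications, with the tree reduced to one node and "free" replaced by poisoning so a stale pointer can be inspected safely. It shows how a tree walker that relies on the mmap read lock alone ends up with a freed node when stack expansion runs under the same read lock (pre-6.5 behaviour), why requiring the write lock prevents that, and why a walker under `rcu_read_lock()` was never at risk.

```c
#include <stdio.h>
#include <stdlib.h>

#define NODE_LIVE  0x4D41504CUL   /* node is a valid tree node */
#define NODE_FREED 0xDEADDEADUL   /* poison our "free" writes, so a stale read is detectable */

/* One node of a drastically simplified VMA tree: a single range per node. In the
 * kernel the freed object is a maple node holding VMA pointers; that difference
 * does not matter for the locking argument. (Hypothetical model struct.) */
struct vma_node {
    unsigned long magic;
    unsigned long vm_start, vm_end;
    struct vma_node *rcu_next;   /* link on the deferred-free list */
};

/* Tree root plus the mmap lock state the kernel keeps around it. */
struct mm_model {
    struct vma_node *root;       /* published pointer that walkers dereference */
    int mmap_readers;            /* current mmap_read_lock() holders */
};

static int rcu_readers;                  /* rcu_read_lock() nesting across all "CPUs" */
static struct vma_node *rcu_pending;     /* handed to call_rcu(), grace period not over */
static struct vma_node *rcu_quarantine;  /* "freed" nodes, kept so the model can inspect them */

static void rcu_read_lock(void)   { rcu_readers++; }
static void rcu_read_unlock(void) { rcu_readers--; }

static struct vma_node *new_node(unsigned long start, unsigned long end) {
    struct vma_node *n = calloc(1, sizeof *n);
    n->magic = NODE_LIVE; n->vm_start = start; n->vm_end = end;
    return n;
}

/* call_rcu(): the node is only reclaimed once a grace period has elapsed. */
static void call_rcu_free(struct vma_node *n) { n->rcu_next = rcu_pending; rcu_pending = n; }

/* End of a grace period: runs the callbacks only if no RCU reader is active.
 * Returns how many nodes were reclaimed. */
static int rcu_grace_period(void) {
    if (rcu_readers) return 0;
    int freed = 0;
    while (rcu_pending) {
        struct vma_node *n = rcu_pending;
        rcu_pending = n->rcu_next;
        n->magic = NODE_FREED;           /* stand-in for kfree(): poison instead of freeing */
        n->rcu_next = rcu_quarantine; rcu_quarantine = n;
        freed++;
    }
    return freed;
}

/* Stack expansion: replace the tree node with one covering the grown range.
 * This is the write to the tree; the old node goes to call_rcu(). */
static void expand_stack(struct mm_model *mm, unsigned long new_start) {
    struct vma_node *old = mm->root;
    mm->root = new_node(new_start, old->vm_end);   /* publish the replacement */
    call_rcu_free(old);
}

/* A walker that relies on mmap_read_lock() alone (no rcu_read_lock()) keeps its
 * node pointer across a sleep while another thread expands the stack.
 * fixed_kernel=0: expansion also takes only the (shared) read lock, so it proceeds.
 * fixed_kernel=1: expansion needs mmap_write_lock(), which must wait for the reader.
 * Returns 1 if the walker ends up using a reclaimed node (UAFBR), else 0. */
int race_stack_expansion(int fixed_kernel) {
    struct mm_model mm = { .root = new_node(0x7ffff0000000UL, 0x7ffff0021000UL) };

    mm.mmap_readers++;                  /* walker: mmap_read_lock() */
    struct vma_node *v = mm.root;       /* walker: vma = find_vma(mm, addr) */
    /* walker sleeps here (e.g. a page fault waiting for I/O), holding no rcu_read_lock() */

    int writer_waits = fixed_kernel && mm.mmap_readers > 0;
    if (!writer_waits)
        expand_stack(&mm, v->vm_start - 0x1000);   /* pre-6.5: tree modified under the read lock */

    rcu_grace_period();                 /* time passes; no RCU reader, so the old node is reclaimed */

    int uaf = (v->magic == NODE_FREED); /* walker wakes and dereferences its saved pointer */
    mm.mmap_readers--;                  /* walker: mmap_read_unlock() */

    if (writer_waits) {                 /* fixed kernel: expansion runs only now */
        expand_stack(&mm, mm.root->vm_start - 0x1000);
        rcu_grace_period();
    }
    return uaf;
}

/* Contrast: a walker under rcu_read_lock() is safe even against the buggy
 * expansion, because the grace period cannot end while it is active.
 * Returns 1 if the saved node was still live when used. */
int rcu_walker_is_protected(void) {
    struct mm_model mm = { .root = new_node(0x7ffff0000000UL, 0x7ffff0021000UL) };
    rcu_read_lock();
    struct vma_node *v = mm.root;
    expand_stack(&mm, v->vm_start - 0x1000);   /* concurrent replacement */
    int reclaimed = rcu_grace_period();        /* 0: reader still active */
    int live = (reclaimed == 0 && v->magic == NODE_LIVE);
    rcu_read_unlock();
    rcu_grace_period();                        /* now the old node is reclaimed */
    return live;
}

int main(void) {
    printf("pre-6.5 (read lock only): walker sees freed node = %d\n", race_stack_expansion(0));
    printf("fixed (write lock):       walker sees freed node = %d\n", race_stack_expansion(1));
    printf("walker under rcu_read_lock() stays safe = %d\n", rcu_walker_is_protected());
    return 0;
}
```

The model deliberately ignores the page-table and VMA-cache details of the real bug; its point is the lock mismatch. The walker in `race_stack_expansion` is correct under the kernel's long-standing rule that the VMA tree cannot change while the mmap read lock is held; stack expansion broke that rule, and the fix restores it by making expansion take the write lock. The deferred RCU free is also why the attacker's stale reference is useless until a grace period has passed.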
According to Peking University security researcher Ruihan Li, who discovered the bug, there were at the time no publicly available exploits targeting use-after-free-by-RCU (UAFBR) bugs like this one. He noted, however, that the flaw could potentially be exploited in the environment provided by Google's kCTF VRP (Capture the Flag Vulnerability Reward Program).
A fix is available. It was merged into Linus Torvalds' tree during the Linux 6.5 merge window and backported to the stable kernels 6.1.37, 6.3.11 and 6.4.1, released on July 1, which resolves StackRot for those series.
Linux users should update to a fixed kernel and reboot into it; a kernel update takes effect only after a reboot. Distribution kernels carry their own version numbers and backported fixes, so check the vendor's advisory for CVE-2023-3269 rather than relying on the upstream version number alone.
StackRot is a real risk on unpatched systems, but its prompt identification and patching show the responsiveness of the kernel community and its developers. Once the updated kernel is installed and running, the vulnerability is closed.
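As a practical check for the advice above, here is an added example in C (written for this page, not from the advisory or any distribution tool). The function `stackrot_affected` and its helpers are hypothetical names; it parses an upstream-style release string such as the one returned by `uname -r` and classifies it against the fixed versions named on this page (6.1.37, 6.3.11, 6.4.1, and 6.5 onward). Because distribution kernels backport fixes without changing the upstream version, a positive result means "consult the vendor advisory", not "confirmed vulnerable".

```c
#include <stdio.h>
#include <sys/utsname.h>

struct kver { int major, minor, patch; };

/* Parse "6.4.0-rc7", "6.1.37-generic", "5.15.0" and similar. Returns 0 on failure.
 * A missing patch level (e.g. "6.5-rc1") is read as .0. */
static int parse_kver(const char *s, struct kver *v) {
    v->major = v->minor = v->patch = 0;
    return sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch) >= 2;
}

static int kver_cmp(struct kver a, struct kver b) {
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* Stable releases carrying the fix, as listed on this page. 6.5 and later contain
 * it from the merge window; the page lists no fixed 6.2 release. */
static const struct kver fixed_in[] = { {6, 1, 37}, {6, 3, 11}, {6, 4, 1} };

/* Returns 1 if the upstream version falls in the affected range (6.1 <= v, below
 * the fix for its series, or any 6.2), 0 if outside it, -1 if unparsable. */
int stackrot_affected(const char *release) {
    struct kver v;
    if (!parse_kver(release, &v)) return -1;
    if (kver_cmp(v, (struct kver){6, 1, 0}) < 0) return 0;   /* maple tree arrived in 6.1 */
    if (kver_cmp(v, (struct kver){6, 5, 0}) >= 0) return 0;  /* fixed in mainline 6.5 */
    for (size_t i = 0; i < sizeof fixed_in / sizeof fixed_in[0]; i++)
        if (v.minor == fixed_in[i].minor)
            return kver_cmp(v, fixed_in[i]) < 0;
    return 1;  /* 6.2.x: affected series with no stable fix listed */
}

int main(void) {
    struct utsname u;
    if (uname(&u) != 0) { perror("uname"); return 2; }
    int r = stackrot_affected(u.release);
    printf("%s: %s\n", u.release,
           r < 0 ? "unparsable release string"
                 : r ? "in the affected upstream range (check vendor backports)"
                     : "outside the affected upstream range");
    return r > 0;
}
```

On a distribution kernel, pair the result with the vendor's CVE-2023-3269 advisory or changelog; the upstream number alone cannot tell a backported fix from an unpatched kernel.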
