Security News > 2023 > July > New StackRot Linux kernel flaw allows privilege escalation
Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "Minimal capabilities." The security issue is being referred to as StackRot and can be used to compromise the kernel and elevate privileges.
StackRot impacts all kernel configurations on Linux versions 6.1 through 6.4.
Specifically, the weak spot is in "Maple tree," a new data structure system for VMAs introduced in Linux kernel 6.1 that replaced the "Red-black trees" and relied on the read-copy-update mechanism.
As the Linux kernel expands the stack and removes the gap between VMAs, a new node is created in the "Maple tree," and the old one is marked for deletion after current reads finish due to the maple tree's RCU safety.
Users should check the kernel version their Linux distro runs on and choose one that is not affected by StackRot or an updated release that contains the fix.
New Linux kernel NetFilter flaw gives attackers root privileges.