Security News > 2023 > July > New StackRot Linux kernel flaw allows privilege escalation
Technical information has emerged for a serious vulnerability affecting multiple Linux kernel versions that could be triggered with "Minimal capabilities." The security issue is being referred to as StackRot and can be used to compromise the kernel and elevate privileges.
StackRot impacts all kernel configurations on Linux versions 6.1 through 6.4.
Specifically, the weak spot is in "Maple tree," a new data structure system for VMAs introduced in Linux kernel 6.1 that replaced the "Red-black trees" and relied on the read-copy-update mechanism.
As the Linux kernel expands the stack and removes the gap between VMAs, a new node is created in the "Maple tree," and the old one is marked for deletion after current reads finish due to the maple tree's RCU safety.
Users should check the kernel version their Linux distro runs on and choose one that is not affected by StackRot or an updated release that contains the fix.
New Linux kernel NetFilter flaw gives attackers root privileges.
News URL
Related news
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)