Security News > 2023 > July > Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability
Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host.
Dubbed StackRot, the flaw impacts Linux versions 6.1 through 6.4.
"As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said.
The flaw is essentially rooted in a data structure called maple tree, which was introduced in Linux kernel 6.1 as a replacement for red-black tree to manage and store virtual memory areas, a contiguous range of virtual addresses that could be the contents of a file on disk or the memory a program uses during execution.
Discover different approaches to conquer Privileged Account Management challenges and level up your privileged access security strategy.
Specifically, it's described as a use-after-free bug that could be exploited by a local user to compromise the kernel and escalate their privileges by taking advantage of the fact that the maple tree "Can undergo node replacement without properly acquiring the MM write lock."
News URL
https://thehackernews.com/2023/07/researchers-uncover-new-linux-kernel.html
Related news
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution (source)
- CISA orders agencies to patch Linux kernel bug exploited in attacks (source)
- Mixing Rust and C in Linux likened to cancer by kernel maintainer (source)
- 'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters (source)
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (source)
- Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable (source)