Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability

Cyber Security Threat Summary:
Researchers at Peking University recently disclosed details of a new flaw in the Linux Kernel that could enable a threat actor to elevate privileges on a targeted host. Dubbed StackRot, the flaw is being tracked as CVE-2023-3269 and impacts Linux versions 6.1 through 6.4. According to security researcher Ruihan Li, “As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger…However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.”

CVE-2023-3269 stems from a data structure called the maple tree, which is designed to manage and store virtual memory areas (VMAs), each a contiguous range of virtual addresses that could hold the contents of a file on disk or the memory a program uses during execution. Because the maple tree can “undergo node replacement without properly acquiring the MM write block,” a threat actor could compromise the kernel and escalate privileges.

Security Officer Comments:
As of writing, there is no evidence to suggest that this flaw was exploited in attacks in the wild. With a proof-of-concept (POC) expected to be released to the public by the end of the month, administrators should update their systems to the latest version as soon as possible.

Suggested Correction(s):
CVE-2023-3269 was disclosed on June 15, 2023 and has since been addressed in Linux stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023.
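As an added example that is not part of the original advisory, the POSIX shell script below classifies a kernel version string (the format `uname -r` prints) against the affected range and the fixed stable versions stated on this page. The version numbers come from the page; the function names and the handling of the 6.2 series are assumptions of this example (6.2 is reported as affected because the page lists no 6.2 fix release).

```sh
#!/bin/sh
# Added example, not part of the advisory: classify a kernel version against
# CVE-2023-3269 (StackRot). Per the page: affected 6.1 through 6.4; fixed in
# 6.1.37, 6.3.11 and 6.4.1. The 6.2 series has no fix listed on the page, so
# this script (an assumption) reports any 6.2.x as affected.

# Split a uname -r style string such as "6.1.36-generic" into "major minor patch".
# Missing minor/patch components default to 0.
kernel_triplet() {
    # keep only the leading digits-and-dots portion, dropping "-generic" etc.
    v=$(printf '%s' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/')
    major=${v%%.*}
    rest=${v#"$major"}; rest=${rest#.}
    minor=${rest%%.*}
    rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    [ -n "$minor" ] || minor=0
    [ -n "$patch" ] || patch=0
    printf '%s %s %s\n' "$major" "$minor" "$patch"
}

# Print one of: affected, fixed, not-affected, unknown.
stackrot_status() {
    set -- $(kernel_triplet "$1")
    major=$1; minor=$2; patch=$3
    # refuse to compare anything that is not a plain number
    case "$major$minor$patch" in
        ''|*[!0-9]*) echo "unknown"; return ;;
    esac
    # outside 6.1 .. 6.4 the page does not list the kernel as affected
    if [ "$major" -ne 6 ] || [ "$minor" -lt 1 ] || [ "$minor" -gt 4 ]; then
        echo "not-affected"; return
    fi
    # first fixed stable release within each affected series (from the page)
    case "$minor" in
        1) fix=37 ;;
        3) fix=11 ;;
        4) fix=1 ;;
        *) fix="" ;;   # 6.2: no stable fix version listed on the page
    esac
    if [ -n "$fix" ] && [ "$patch" -ge "$fix" ]; then
        echo "fixed"
    else
        echo "affected"
    fi
}

# Usage: ./stackrot-check.sh            (checks the running kernel)
#        ./stackrot-check.sh 6.1.36-generic   (checks a given version string)
ver=${1:-$(uname -r 2>/dev/null || echo unknown)}
printf 'kernel %s: %s\n' "$ver" "$(stackrot_status "$ver")"
```

A result of `affected` means the host sits inside the 6.1 through 6.4 range below the fixed release for its series and should be updated to 6.1.37, 6.3.11, 6.4.1 or later; `not-affected` only means the running kernel is outside the range the advisory names, and distribution kernels that backport fixes without bumping the upstream version number need to be checked against the vendor's own advisory instead.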