uTalk

Official forum for Utopia Community


#1 2023-07-06 23:38:02

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Discover New 'StackRot' Privilege Escalation Vulnerability in the Linux Kernel

Information about a recently discovered security hole in the Linux kernel that could give a user elevated privileges on a target host has come to light.

The vulnerability affects Linux versions 6.1 through 6.4 and is known as StackRot (CVE-2023-3269, CVSS score: 7.8). There is currently no proof that the flaw has been used in the wild.

According to Peking University security researcher Ruihan Li, "StackRot is a Linux kernel vulnerability found in the memory management subsystem. It affects almost all kernel configurations and requires minimal capabilities to trigger."

"It should be noted that, because maple nodes are freed using RCU callbacks, the actual memory deallocation is delayed until after the RCU grace period. Consequently, this weakness is thought to be difficult to exploit."

After being disclosed responsibly on June 15, 2023, it was addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, following a two-week effort under Linus Torvalds' direction.

By the end of the month, a proof-of-concept (PoC) exploit and additional technical details about the bug are anticipated to be made available.

Virtual memory areas (VMAs), a contiguous range of virtual addresses that could be the contents of a file on disk or the memory a program uses during execution, are managed and stored by a data structure called maple tree, which was introduced in the Linux kernel 6.1 as a replacement for red-black tree (rbtree).

It's described as a use-after-free bug that could be used by a local user to compromise the kernel and gain more power by taking advantage of the maple tree's ability to undergo node replacement without properly obtaining the MM write lock.

"Anyway, I think I actually want to move all the stack expansion code to a whole new file of its own, rather than have it split up between mm/mmap.c and mm/memory.c," said Torvalds. "I made an effort to keep the patches _fairly_ minimal because this will need to be backported to the initial maple tree VMA introduction anyhow."
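A quick check of whether a kernel version string falls inside the StackRot window described above, added here as an example and not part of the original post or the advisory. It assumes upstream stable version numbering as printed by `uname -r`; distribution kernels that backport the fix under an older version number (a hypothetical `6.1.0-x` build, for instance) will show as "vulnerable" here, so a positive result means "check the distro advisory", not "proven vulnerable".

```python
"""Classify a Linux kernel version against CVE-2023-3269 (StackRot).

Assumption (mine, not from the advisory): versions are upstream stable
numbers; vendor backports are not detected, so treat 'vulnerable' as a
prompt to consult the distribution's own advisory.
"""
import re

# First fixed release per affected stable series, from the article.
# 6.2 is assumed (my note) to have no fixed upstream release, since that
# series had already reached end of life before the patch landed.
FIXED = {(6, 1): 37, (6, 3): 11, (6, 4): 1}
AFFECTED_SERIES = {(6, 1), (6, 2), (6, 3), (6, 4)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(s: str) -> tuple:
    """Return (major, minor, patch) from strings like '6.3.9-arch1-1'.

    A missing patch level (e.g. '6.4.0-rc7' or '6.4') is treated as 0.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised kernel version: {s!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def stackrot_status(s: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unaffected' for a version string."""
    major, minor, patch = parse_version(s)
    series = (major, minor)
    if series not in AFFECTED_SERIES:
        # Maple tree arrived in 6.1; 6.5 shipped after the fix.
        return "unaffected"
    first_fixed = FIXED.get(series)
    if first_fixed is None or patch < first_fixed:
        return "vulnerable"
    return "fixed"


if __name__ == "__main__":
    import platform
    release = platform.release()
    try:
        print(f"{release} -> {stackrot_status(release)}")
    except ValueError as exc:
        print(exc)
```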

