StackRot Linux Kernel Bug Has Exploit Code on the Way

Published: 23/11/2024   Category: security




Linus Torvalds led a Linux kernel team in developing a set of patches for the privilege escalation flaw.



Exploit code will soon become available for a critical vulnerability in the Linux kernel that a security researcher discovered and reported to Linux administrators in mid-June.
The bug, which the researcher labeled StackRot (CVE-2023-3269), affects Linux kernel 6.1 through 6.4 and gives attackers a way to escalate privileges on affected systems.
Security researcher Ruihan Li of Peking University in China discovered the vulnerability and described it this week as affecting almost all Linux kernel configurations and requiring minimal capabilities to trigger.
A response team, led by Linux creator Linus Torvalds, worked about two weeks on developing a set of patches to address the vulnerability.
On June 28th, during the merge window for Linux kernel 6.5, the fix was merged into Linus' tree, Li said in a GitHub post announcing his discovery. Linus provided a comprehensive merge message to elucidate the patch series from a technical perspective, Li noted.
The patches have since been backported to kernels 6.1.37, 6.2.11, and 6.4.1, effectively resolving the StackRot bug on July 1, Li wrote. The complete exploit code and a comprehensive write-up will be made publicly available no later than the end of July.
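The article gives the affected series (6.1 through 6.4) and the first fixed point releases (6.1.37, 6.2.11, 6.4.1, with the fix merged for 6.5). The following triage helper is an added example, not code from the article or from the researcher; it turns those version facts into a check against a `uname -r` string. It assumes upstream version numbering: distribution kernels often carry the fix as a backport without bumping the version, so treat "unpatched" as a prompt to check vendor advisories, not a verdict. The article names no 6.3 backport, so 6.3 kernels are reported as unpatched here.

```python
import platform
import re
from typing import Tuple

# Version facts as stated in the article: kernels 6.1 through 6.4 are affected,
# the fix was backported to 6.1.37, 6.2.11 and 6.4.1, and merged upstream for 6.5.
AFFECTED_SERIES = {(6, 1), (6, 2), (6, 3), (6, 4)}
FIRST_FIXED_PATCH = {(6, 1): 37, (6, 2): 11, (6, 4): 1}  # no 6.3 backport named in the article

# Leading "major.minor[.patch]" of a release string such as "6.4.0-1-amd64" or "6.5.0-rc1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a kernel release string; patch defaults to 0."""
    match = _VERSION_RE.match(release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return int(major), int(minor), int(patch)


def stackrot_status(release: str) -> str:
    """Classify a kernel release as 'not-affected', 'unpatched' or 'fixed' for StackRot.

    Based only on upstream point-release numbers from the article (see caveat above).
    """
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < (6, 1):
        return "not-affected"          # article: affected range starts at 6.1
    if series > (6, 4):
        return "fixed"                 # article: fix merged during the 6.5 merge window
    fixed_at = FIRST_FIXED_PATCH.get(series)
    if fixed_at is None:
        return "unpatched"             # 6.3: the article lists no fixed point release
    return "fixed" if patch >= fixed_at else "unpatched"


def running_kernel_status() -> str:
    """Classify the kernel this script is running on (meaningful on Linux only)."""
    return stackrot_status(platform.release())


if __name__ == "__main__":
    print(f"{platform.release()}: {running_kernel_status()}")
```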
StackRot pertains to the Linux kernel's handling of stack expansion, the mechanism that automatically grows the stack memory of a running process.
The data structure for managing virtual memory spaces in the Linux kernel handles a particular memory management function in a manner that results in use-after-free-by-RCU (UAFBR) issues, Li said. UAFBR flaws combine the use-after-free vulnerability with what is known as the Read-Copy-Update (RCU) mechanism, which the Linux kernel uses for synchronizing the use of shared data.
Use-after-free is a type of vulnerability where a software program continues to use a memory reference after it has been deallocated or freed. This gives attackers a way to insert arbitrary code into the freed but still used memory space. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges, Li said. The Linux kernel uses the RCU mechanism to free or deallocate used memory space.
While UAFBR vulnerabilities can be dangerous, they are not easy to exploit because of a certain delay that happens with memory deallocation when memory spaces are freed using RCU callbacks, Li explained.
The researcher described the exploit for StackRot as likely the first to successfully exploit a UAFBR bug. "To the best of my knowledge, there are currently no publicly available exploits targeting use-after-free-by-RCU bugs," Li said. "This marks the first instance where UAFBR bugs have been proven to be exploitable."
The Linux kernel team's fix for the flaw — led by Torvalds — basically modifies the kernel's user-mode stack expansion code to prevent the use-after-free condition from happening.
"It's actually something we always technically should have done," Torvalds said in a GitHub post. "But because we didn't strictly need [it], we were being lazy (opportunistic sounds so much better, doesn't it?) about things."
