Researchers Discovered a New Linux Kernel 'StackRot' Privilege Escalation Vulnerability (thehackernews.com)
Wednesday Greg Kroah-Hartman announced the release of the 6.4.2 kernel. "All users of the 6.4 kernel series must upgrade."
The Hacker News reports: Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.
"As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said. "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging."
Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.
ZDNet points out that Linux 6.4 "offers improved hardware enablement for ARM boards" and does a better job with the power demands of Steam Deck gaming devices. And "On the software side, the Linux 6.4 release includes more upstreamed Rust code. We're getting ever closer to full in-kernel Rust language support."
The Register also notes that Linux 6.4 includes "the beginnings of support for Apple's M2 processors," along with support for hibernation of RISC-V CPUs, "a likely presage to such silicon powering laptop computers."
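As an added check that is not part of the summary or the thread, the following POSIX shell function classifies a kernel version string against the ranges the summary states (6.1 through 6.4 affected; fixed in stable 6.1.37, 6.3.11 and 6.4.1). It assumes that releases before 6.1 and from 6.5 onward are not affected and that 6.2.x, for which no fixed release is listed, is treated as vulnerable.

```shell
#!/bin/sh
# Constructed helper for CVE-2023-3269 (StackRot); not from the advisory.
# Prints one of: not-affected, vulnerable, fixed.
# Assumptions: only 6.1..6.4 are affected; 6.2.x has no listed fix and is
# reported vulnerable; 6.5+ carries the fix that landed in 6.4.1.
stackrot_status() {
    # Drop distro suffixes such as "-generic", "-arch1-1" or "-rc1".
    v=$(printf '%s' "$1" | sed 's/[-+].*$//')
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    patch=$(printf '%s' "$v" | cut -d. -f3)
    minor=${minor:-0}
    patch=${patch:-0}   # "6.4" means the 6.4.0 release

    if [ "$major" -ne 6 ] || [ "$minor" -lt 1 ] || [ "$minor" -gt 4 ]; then
        echo "not-affected"
        return 0
    fi

    # First stable patch level that contains the fix, per the summary.
    case "$minor" in
        1) fix=37 ;;
        2) fix="" ;;    # no fixed 6.2.x listed (assumption: treat as vulnerable)
        3) fix=11 ;;
        4) fix=1 ;;
    esac

    if [ -n "$fix" ] && [ "$patch" -ge "$fix" ]; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Check the running kernel, or a version passed as the first argument.
stackrot_status "${1:-$(uname -r)}"
```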
Re:Heh (Score:5, Informative)
A serious bug in a major component in a common operating system.
It's certainly more newsworthy than some of the stuff that shows up on here.
Re: (Score:2)
It's such a serious exploit, it even introduced a bug in the story headline about the exploit!
Re: (Score:3)
Are these researchers from the Department of Redundancy Department?
Re: (Score:2)
I tried to make it sound right in my head. No one said anything at first so I thought it was just me. Must be the new blood pressure meds.
Re: (Score:3)
Probably more newsworthy is its short lifespan.
Re: (Score:2)
Agreed. In fact, /. provides a nice filter in that mostly only really serious stuff ends up here.
Re: (Score:2)
Yep, that is my understanding as well! Or not.
Anyways, I have just found I have no 6.x kernel running anywhere. There is something to be said for sticking to older longterm kernels if you do not need the new stuff.
Maple tree explanation (Score:1)
StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability [github.com]:
Whenever the mmap() system call is utilized to establish a memory mapping, the kernel generates a structure called vm_area_struct to represent the corresponding virtual memory area (VMA). This structure stores various information including flags, properties, and other pertinent details related to the mapping.
Subsequently, when the kernel encounters page faults or other memory-related system calls, it requires fast lookup of the VMA solely based on the address. Previously, the VMAs were managed using red-black trees. However, starting from Linux kernel version 6.1, the migration to maple trees took place. Maple trees [kernel.org] are RCU-safe B-tree data structures optimized for storing non-overlapping ranges. Nonetheless, their intricate nature adds complexity to the codebase and introduces the StackRot vulnerability.
https://docs.kernel.org/6.4/co... [kernel.org]
longterm (Score:2)
Reinforces the wisdom of my plan that a kernel is ready for production use when its "longterm" release reaches 100.
Re: (Score:2)
Makes a lot of sense. Currently, the only one below 100 is 6.1.38 from a few days back, with 6.1.37 probably vulnerable.
I have been doing something like this for a long time and on the last few kernel security problems, I just needed to confirm that I am not affected.
Trying to parse headline: (Score:2)
How about
Researchers Discovered a New Linux Kernel.
'StackRot' Privilege Escalation Vulnerability Discovered.
TAP (Score:2)
Tonight I'm Gonna Rock You Tonight
The Department of Redundancy Department called (Score:2)
They want their headline back
This headline strange is. (Score:2)
Must be a REALLY bad bug (Score:3, Funny)
What about older versions? (Score:2)
Like v5, v4, etc.?
Re:What about older versions? (Score:5, Informative)
They're fine. 6.1 onward is vulnerable. Per the commit message [1], this appeared when the memory system started using maple trees, which got merged in 6.1. It also might be default on only since 6.4, but don't take my word for that.
[1] https://git.kernel.org/pub/scm... [kernel.org]
Re: (Score:1)
We've known for decades that maple trees [rush.com] make trouble -- it's amazing that anyone decided to put them in the Linux kernel.
But RUST will fix it - The RUST programming language fixes everything.
Does your Linux kernel suffer from security vulnerabilities? Let RUST fix that.
Erectile dysfunction? No problem, RUST fixes that.
Persistent flatulence? Yep, RUST fixes that too!!
Your Tesla is not charging normally? Yes, RUST can fix that!!
Annoying spammers on /. bothering you? RUST can't fix that.
/sarcasm
Re: (Score:2)
Hmm. A maple tree seems to be a variant of an interval tree. These are not so easy to get right, so maybe there were not enough brain cells left for the trivial stuff?
Discovered twice (Score:1)
Seems like they discovered it twice, according to the headline.
This is so bad... (Score:3)
...they discovered it twice!
Repo for PoC (Score:2)
The PoC is going to be posted here but there are enough details here to make it yourself: https://github.com/lrh2000/Sta... [github.com]