StackRot Vulnerability

Quite a severe recent vulnerability.

What is StackRot?

This is my first article, and as such, I decided to open a recent and important topic regarding a new vulnerability found in the Linux kernel.

So what exactly is StackRot? StackRot, also known as CVE-2023-3269, is a flaw found in Linux kernel versions 6.1 through 6.4. The flaw is in the memory management subsystem, and it requires minimal knowledge to trigger. For context, the memory management subsystem is the kernel component responsible for virtual memory, demand paging, memory allocation and more.

What is this vulnerability capable of doing?

If an attacker exploits this vulnerability, it can lead to privilege escalation. This means an attacker who has gained initial access to a limited shell can quickly escalate to a root account.

The good news

Fortunately, there are no exploits in the wild that target this vulnerability, and it has been patched by Linus Torvalds himself. The vulnerability was reported to the Linux kernel security team back in June, and it took nearly two weeks for Linus Torvalds to fix this bug. You can tell this is a big issue when Linus Torvalds decides to take the matter into his own hands. The fix was merged in Linux kernel 6.5, more specifically in Linus' tree.

If you are a code monkey or looking for a more technical overview of this vulnerability, Linus himself wrote a merge message in the official kernel git repository that explains everything behind it. You can read more here.

As it stands, the patch was backported to stable kernels too (6.1.37, 6.3.11 and 6.4.1), but the best recommendation is to always stay on the latest kernel available. My personal recommendation is to use the Liquorix Linux kernel, as it is easy to install on your distribution and receives updates and patches very frequently. Users of Debian 12 Bookworm are advised to update their kernel, as Bookworm ships by default with kernel 6.1. Also, RHEL users don't have to do this, as the code that introduced this vulnerability is not present in that distribution.
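A quick way to check a host against the version ranges given above, as an added example that is not part of the original article or of the kernel project. The function names are hypothetical, and the check only compares version numbers, so a vendor kernel that carries the fix under an older version string will still read as vulnerable.

```shell
#!/bin/sh
# Added example: classify an upstream kernel version against the StackRot
# (CVE-2023-3269) version ranges quoted in this article.

stackrot_status() {
    ver=${1%%[!0-9.]*}              # "6.4.1-arch1-1" -> "6.4.1"
    [ -n "$ver" ] || { echo unknown; return 0; }
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Affected range per the article: 6.1 through 6.4.
    if [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 1 ]; }; then
        echo not-affected; return 0
    fi
    # The fix was merged for 6.5.
    if [ "$major" -gt 6 ] || [ "$minor" -ge 5 ]; then
        echo patched; return 0
    fi
    # Stable backports named in the article: 6.1.37, 6.3.11, 6.4.1.
    case $minor in
        1) fixed=37 ;;
        3) fixed=11 ;;
        4) fixed=1 ;;
        *) echo vulnerable; return 0 ;;   # 6.2.x: no backport listed in the article
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Distribution kernels often keep a fixed ABI string in `uname -r`
# (Debian 12 reports 6.1.0-N-amd64), so prefer the upstream version that
# Debian embeds in `uname -v` when it is present.
running_kernel_version() {
    v=$(uname -v | sed -n 's/.*Debian \([0-9][0-9.]*\).*/\1/p')
    [ -n "$v" ] || v=$(uname -r)
    echo "$v"
}

kver=$(running_kernel_version)
echo "kernel $kver: $(stackrot_status "$kver")"
```

On distributions other than Debian, pass the upstream version from the kernel package's changelog to `stackrot_status` rather than relying on `uname -r`.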

