A researcher has disclosed a Linux kernel vulnerability that he claims is the first to demonstrate that a type of bug called use-after-free-by-RCU (UAFBR) is exploitable.
The vulnerability, named StackRot and officially tracked as CVE-2023-3269, was reported to Linux kernel developers on June 15 by researcher Ruihan Li.
The flaw has been present in the kernel since version 6.1 and patches were made available on July 1 with the release of versions 6.1.37, 6.3.11 and 6.4.1.
The researcher made public some information on StackRot this week, but a complete exploit and a detailed write-up are expected to be released at the end of July.
According to the researcher, the issue impacts the memory management subsystem and it can allow an unprivileged local user to compromise the kernel and escalate privileges.
While nearly all kernel configurations are affected and minimal capabilities are required to trigger the bug, the researcher pointed out that exploiting the vulnerability is not easy.
“The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues,” he explained.
“However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging,” he added.
The researcher believes there are no other publicly available exploits targeting these UAFBR bugs and this is the first time it has been proven that they are exploitable.
The exploit has been executed in the kCTF Kubernetes-based environment for CTF competitions provided by Google.
Related: CISA Says ‘PwnKit’ Linux Vulnerability Exploited in Attacks
Related: CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware
Related: Polkit Vulnerability Provides Root Privileges on Linux Systems
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Microsoft Adding New Security Features to Windows 11
- Sony Investigating After Hackers Offer to Sell Stolen Data
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
- Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- Cisco to Acquire Splunk for $28 Billion
Latest News
- Microsoft Adding New Security Features to Windows 11
- UAE-Linked APT Targets Middle East Government With New ‘Deadglyph’ Backdoor
- Sony Investigating After Hackers Offer to Sell Stolen Data
- The CISO Carousel and its Effect on Enterprise Cybersecurity
- Xenomorph Android Banking Trojan Targeting Users in US, Canada
- $200 Million in Cryptocurrency Stolen in Mixin Network Hack
- Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
- Nigerian Pleads Guilty in US to Million-Dollar BEC Scheme Role
