Connect with us

Hi, what are you looking for?



StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs

A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs.

A researcher has disclosed a Linux kernel vulnerability that he claims is the first to demonstrate that a type of bug called use-after-free-by-RCU (UAFBR) is exploitable.

The vulnerability, named StackRot and officially tracked as CVE-2023-3269, was reported to Linux kernel developers on June 15 by researcher Ruihan Li. 

The flaw has been present in the kernel since version 6.1 and patches were made available on July 1 with the release of versions 6.1.37, 6.3.11 and 6.4.1.

The researcher made public some information on StackRot this week, but a complete exploit and a detailed write-up are expected to be released at the end of July. 

According to the researcher, the issue impacts the memory management subsystem and it can allow an unprivileged local user to compromise the kernel and escalate privileges. 

While nearly all kernel configurations are affected and minimal capabilities are required to trigger the bug, the researcher pointed out that exploiting the vulnerability is not easy.

“The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues,” he explained. 

Advertisement. Scroll to continue reading.

“However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging,” he added. 

The researcher believes there are no other publicly available exploits targeting these UAFBR bugs and this is the first time it has been proven that they are exploitable. 

The exploit has been executed in the kCTF Kubernetes-based environment for CTF competitions provided by Google. 

Related: CISA Says ‘PwnKit’ Linux Vulnerability Exploited in Attacks

Related: CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware

Related: Polkit Vulnerability Provides Root Privileges on Linux Systems

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.