Linux kernel 6.3 reaches end of life; the StackRot vulnerability is fixed in version 6.4
Linux kernel 6.3 has reached its end of life and will no longer be supported by bug and security fixes. This announcement comes amidst the discovery of a critical vulnerability, dubbed StackRot (CVE-2023-3269), which affects Linux kernel versions 6.1 through 6.4. Attackers can exploit this vulnerability to escalate privileges on compromised systems.
Security researcher Ruihan Li of Peking University in China uncovered the vulnerability, describing it as a pervasive issue that affects almost all Linux kernel configurations. Li emphasised that triggering the vulnerability requires minimal capabilities, making it a concerning threat to Linux users.
In response to the discovery, a dedicated team, led by Linux creator Linus Torvalds, worked tirelessly for two weeks to develop a set of patches addressing the vulnerability. The fix was merged into Linus’ tree during the merge window for Linux kernel 6.5 on June 28th.
StackRot revolves around the Linux kernel’s handling of stack expansion—a mechanism that automatically increases the stack memory of a running process. Li explained that the flaw arises due to a memory management function in the Linux kernel’s data structure for managing virtual memory spaces. This flaw results in use-after-free-by-RCU (UAFBR) issues, combining the use-after-free vulnerability with the Read-Copy-Update (RCU) mechanism for synchronising shared data.
Use-after-free vulnerabilities pose a serious threat as they allow attackers to insert arbitrary code into freed, yet still used, memory space. Exploiting such vulnerabilities is challenging due to a delay in memory deallocation caused by RCU callbacks. However, StackRot represents a first-of-its-kind successful exploitation of a UAFBR bug.
To address the vulnerability, the Linux kernel team, spearheaded by Torvalds, modified the kernel’s user mode stack expansion code to prevent the occurrence of the use-after-free condition. Torvalds admitted, “It’s actually something we always technically should have done, but because we didn’t strictly need [it], we were being lazy about things.”
As a result of their efforts, the patches have been backported to kernels 6.1.37, 6.2.11, and 6.4.1, effectively resolving the StackRot bug on July 1st. However, with Linux kernel 6.3 reaching its end of life, users are strongly encouraged to upgrade to Linux 6.4, which includes the necessary fixes to mitigate the vulnerability.