The "StackRot" kernel vulnerability
Ruihan Li has disclosed a significant vulnerability introduced into the 6.1 kernel:
A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges. As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger. However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.
The disclosure contains a detailed description of the problem. Fixes have been merged into the mainline and the 6.4.1, 6.3.11, and 6.1.37 stable kernel updates.
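As an added example (not from the disclosure or the kernel project), the following Python checks an upstream kernel release string against the affected range and fixed versions stated above: 6.1 through 6.4, fixed in 6.4.1, 6.3.11 and 6.1.37. It assumes that 6.2.y, for which the article lists no stable update, remains affected throughout, and that the string follows the usual `uname -r` layout. Distribution kernels backport fixes without changing the version number, so a clean result from this check is only a hint; the distribution's own advisory is authoritative.

```python
import platform
import re

# Affected series and the first fixed stable release in each, taken from the
# article (6.1 through 6.4; fixes in 6.4.1, 6.3.11, 6.1.37). The 6.2 series has
# no stable fix listed, so every 6.2.y is treated as affected (assumption).
FIRST_FIXED = {
    (6, 1): 37,
    (6, 3): 11,
    (6, 4): 1,
}
AFFECTED_SERIES = {(6, 1), (6, 2), (6, 3), (6, 4)}

# Leading major.minor[.patch]; anything after (e.g. "-generic", "-rc1") is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release: str):
    """Parse the leading major.minor[.patch] of a `uname -r` string.

    A missing patch level (e.g. "6.4") is treated as .0, so a 6.4.0 build
    compares as older than the 6.4.1 stable release.
    """
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch) if patch else 0


def is_affected_by_stackrot(release: str) -> bool:
    """True if the upstream version lies in the affected range and predates the fix."""
    major, minor, patch = parse_kernel_version(release)
    series = (major, minor)
    if series not in AFFECTED_SERIES:
        # 6.0 and earlier never had the maple tree change; 6.5+ carries the mainline fix.
        return False
    fixed = FIRST_FIXED.get(series)
    if fixed is None:
        # No stable fix listed for this series (6.2): treat all releases as affected.
        return True
    return patch < fixed


if __name__ == "__main__":
    running = platform.release()
    verdict = "in affected range" if is_affected_by_stackrot(running) else "not in affected range"
    print(f"kernel {running}: {verdict} (upstream version only; check distro backports)")
```

The version comparison deliberately stops at the upstream patch level rather than trying to interpret distribution suffixes, since those carry no reliable information about which upstream commits were backported.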