Exploiting the StackRot vulnerability
For those who are interested in the gory details of how the StackRot vulnerability works, Ruihan Li has posted a detailed writeup of the bug and how it can be exploited:
As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger. However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.

To the best of my knowledge, there are currently no publicly available exploits targeting use-after-free-by-RCU (UAFBR) bugs. This marks the first instance where UAFBR bugs have been proven to be exploitable, even without the presence of CONFIG_PREEMPT or CONFIG_SLAB_MERGE_DEFAULT settings.
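The reason RCU-deferred freeing makes a use-after-free harder to exploit is the window it opens between "the object was logically freed" and "the memory can be handed to someone else". The following is an added illustration, not code from Li's writeup or from the kernel: a constructed userspace model in which a slab-like pool of equal-sized objects, a `call_rcu()`-style deferred free, and an explicit grace period are all hypothetical stand-ins (`model_alloc`, `model_call_rcu_free`, `model_grace_period`). It walks one dangling pointer through the three phases: right after the free it still sees the old object, after the grace period it sees freed (here, poisoned) memory, and only once the slot is reallocated does it see data written by a different "owner".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified userspace model of RCU-deferred freeing.
 * This is NOT kernel code: the "grace period" is one explicit call,
 * whereas the real kernel ends it only after every CPU has passed
 * through a quiescent state. */

#define SLOTS   4
#define PAYLOAD 60

struct node {
    uint32_t magic;            /* identifies who last wrote the slot */
    char     payload[PAYLOAD];
};

static struct node  slab[SLOTS];     /* slab-like cache, fixed-size objects */
static int          in_use[SLOTS];
static struct node *pending[SLOTS];  /* freed, but grace period not over */
static int          npending;

/* Hypothetical allocator: hand out the first free slot. */
static struct node *model_alloc(uint32_t magic, const char *text)
{
    for (int i = 0; i < SLOTS; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            slab[i].magic = magic;
            snprintf(slab[i].payload, PAYLOAD, "%s", text);
            return &slab[i];
        }
    }
    return NULL;
}

/* call_rcu() analogue: only queue the object; its memory stays intact. */
static void model_call_rcu_free(struct node *n)
{
    pending[npending++] = n;
}

/* synchronize_rcu() analogue: grace period ends, queued frees run. */
static void model_grace_period(void)
{
    for (int i = 0; i < npending; i++) {
        memset(pending[i], 0x5a, sizeof *pending[i]);  /* poison on free */
        in_use[pending[i] - slab] = 0;                 /* slot reusable */
    }
    npending = 0;
}

struct uafbr_trace {
    uint32_t after_free;   /* read via stale pointer right after "free" */
    uint32_t after_grace;  /* read after the grace period has ended */
    uint32_t after_reuse;  /* read after the slot went to a new allocation */
};

/* Follow one dangling reference through the three phases of UAFBR. */
struct uafbr_trace uafbr_demo(void)
{
    struct uafbr_trace t;
    struct node *victim = model_alloc(0x4d41504cu, "maple node");
    struct node *stale  = victim;    /* dangling reference kept by the bug */

    model_call_rcu_free(victim);
    t.after_free = stale->magic;     /* still 0x4d41504c: nothing freed yet */

    model_grace_period();
    t.after_grace = stale->magic;    /* 0x5a5a5a5a: memory actually freed */

    model_alloc(0x41545441u, "other owner");  /* same slot handed out again */
    t.after_reuse = stale->magic;    /* 0x41545441: now someone else's data */

    return t;
}

int main(void)
{
    struct uafbr_trace t = uafbr_demo();
    printf("after free:  0x%08x\n", t.after_free);
    printf("after grace: 0x%08x\n", t.after_grace);
    printf("after reuse: 0x%08x\n", t.after_reuse);
    return 0;
}
```

The practical consequence the model shows is that the dangling pointer is useless to an attacker during the first phase (it still points at a valid, unchanged object) and only becomes interesting once the grace period has passed and the slot has been reclaimed, which in a real kernel means winning a race against an event the attacker does not directly control. That is the gap between an ordinary use-after-free and the UAFBR case Li describes.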