The “StackRot” kernel vulnerability

Post Syndicated from original https://lwn.net/Articles/937377/

Ruihan Li has disclosed a significant vulnerability introduced into the 6.1 kernel:

A flaw was found in the handling of stack expansion in the Linux
kernel 6.1 through 6.4, aka “Stack Rot”. The maple tree,
responsible for managing virtual memory areas, can undergo node
replacement without properly acquiring the MM write lock, leading
to use-after-free issues. An unprivileged local user could use this
flaw to compromise the kernel and escalate their privileges.

As StackRot is a Linux kernel vulnerability found in the memory
management subsystem, it affects almost all kernel configurations
and requires minimal capabilities to trigger. However, it should be
noted that maple nodes are freed using RCU callbacks, delaying the
actual memory deallocation until after the RCU grace
period. Consequently, exploiting this vulnerability is considered
challenging.

The disclosure contains a detailed description of the problem. Fixes have
been merged into the mainline and the 6.4.1, 6.3.11, and 6.1.37 stable
kernel updates.
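A small triage check, added here as an example and not part of the LWN item or of Ruihan Li's disclosure: it classifies a kernel release string against the affected range (6.1 through 6.4) and the fix versions named above. It assumes that every 6.2.x release is affected, since no 6.2 stable fix is listed, and it cannot see distribution kernels that backport the fix without changing the version number.

```python
import platform
import re

# From the item above: StackRot affects 6.1 through 6.4; fixes landed in
# 6.4.1, 6.3.11 and 6.1.37, and in mainline (so 6.5 and later carry it).
# Assumption (not stated on the page): no 6.2 stable fix is listed, so every
# 6.2.x release is reported as affected. Distribution kernels that backport
# the fix without bumping the version are NOT detected by this check.
FIXED_IN = {(6, 4): 1, (6, 3): 11, (6, 1): 37}
AFFECTED_MINORS = range(1, 5)  # 6.1 .. 6.4 inclusive

_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release):
    """Turn e.g. '6.3.10-arch1-1' into (6, 3, 10); '6.4.0-rc7' -> (6, 4, 0)."""
    m = _VER_RE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def stackrot_status(release):
    """Return 'affected', 'fixed' or 'not-affected' for a kernel release string."""
    major, minor, patch = parse_kernel_version(release)
    if major != 6 or minor not in AFFECTED_MINORS:
        # Kernels before 6.1 predate the vulnerable code; 6.5+ has the mainline fix.
        return "not-affected"
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is not None and patch >= fixed_patch:
        return "fixed"
    # Includes 6.x.0 releases, -rc builds of an affected series, and all of 6.2.x.
    return "affected"


if __name__ == "__main__":
    release = platform.release()
    print(f"{release}: {stackrot_status(release)}")
```

Run it on the host to report the running kernel; a "fixed" result from the version alone is not proof on distributions that backport patches, so confirm against the vendor's advisory.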