Linux kernel 6.1-6.4 "Stack Rot" Kernel Privilege Escalation- 20230710001

Overview

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.

What is the vulnerability?

CVE-2023-3269 - CVSS v3 Base Score: N/A

What is vulnerable?

The vulnerability affects the following products:

• Linux kernel 6.1 through 6.4

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• Stack Rot Fix
• Linux Kernel Source Tree (Message from Linus Torvalds)

Additional References

• Bleeping Computer
• Red Hat