stackrot

Vulnerability Profile Updated 3 months ago
StackRot (CVE-2023-3269) is a significant Linux kernel privilege escalation vulnerability discovered by security researcher Ruihan Li in July 2023. The flaw is in the memory management subsystem, affects almost all kernel configurations, and impacts Linux versions 6.1 through 6.4. It concerns the kernel's handling of stack expansion, the mechanism that automatically grows the stack memory of a running process. The vulnerability has been present since version 6.1, when the VMA tree structure was changed from red-black trees to maple trees.

The exploit for StackRot is likely the first to successfully exploit a use-after-free-by-RCU (UAFBR) bug. The vulnerability allows attackers to escalate privileges on affected systems and has a CVSS score of 7.8. Triggering it requires minimal capabilities, which makes it more concerning.

Ruihan Li reported the vulnerability to Linux kernel developers on June 15, 2023, and some information regarding StackRot was made public shortly thereafter. A comprehensive write-up and complete exploit code are expected to be released publicly no later than the end of July 2023. The community anticipates these details to better understand the vulnerability and develop effective mitigation strategies.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
Linux
Securityweek
Poc
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID: CVE-2023-3269; Type: Unspecified; Votes: 2; Profile Description: None
Source Document References
Information about the stackrot Vulnerability was read from the documents corpus below.
Source (Created At): Title
CERT-EU (a year ago): Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability
CERT-EU (a year ago): StackRot Linux Kernel Bug Has Exploit Code on the Way
CERT-EU (a year ago): StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs
CERT-EU (a year ago): Kernel Linux: la nuova falla di StackRot - Cyber Security 360
CERT-EU (a year ago): StackRot: Linux Bug so bad Linus Dives Into Code to Fix It
CERT-EU (a year ago): Researchers Discovered a New Linux Kernel 'StackRot' Privilege Escalation Vulnerability - Slashdot
CERT-EU (a year ago): Researchers Discovered a New Linux Kernel 'StackRot' Privilege Escalation Vulnerability Discovered - Slashdot
CERT-EU (a year ago): Novel Linux kernel vulnerability exploitable for elevated privileges
CERT-EU (a year ago): This Week In Security: Bogus CVEs, Bogus PoCs, And Maybe A Bogus Breach
CERT-EU (a year ago): StackRot: A New Linux Kernel Flaw Allows Privilege Escalation
CERT-EU (a year ago): StackRot - New Linux kernel Privilege Escalation Vulnerability
CERT-EU (a year ago): oss-sec: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability
CERT-EU (a year ago): StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs | Antivirus and Security news
Securityaffairs (a year ago): StackRot, a new Linux Kernel privilege escalation vulnerability
CERT-EU (a year ago): StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs | IT Security News