Remember CVE-2023-3269 aka #StackRot, a #Linux #kernel vulnerability found in the memory management subsystem of 6.1 - 6.4 which became partly public earlier this month when it was fixed[1]?
The complete exploit code and a comprehensive write-up are now out: https://github.com/lrh2000/StackRot
"#StackRot #Linux #Kernel #Vulnerability Shows Exploitability of UAFBR Bugs" by @SecurityWeek / @EduardKovacs - CVE-2023-3269 bug in Read-Copy-Update (RCU) code since 6.1, fixed in 6.1.37, 6.3.11 & 6.4.1 https://www.securityweek.com/stackrot-linux-kernel-vulnerability-shows-exploitability-of-uafbr-bugs/ #cybersecurity #OpenSource #software #tech
🐧 A security flaw called #StackRot has been discovered in the #Linux kernel versions 6.1 through 6.4, which could allow a user to gain elevated privileges on a target host. However, exploiting the flaw is considered challenging.
https://alternativeto.net/news/2023/7/stackrot-newly-discovered-linux-kernel-vulnerability-allows-privilege-escalation/
StackRot: The dangerous Linux vulnerability that puts your data at risk
Dubbed #StackRot (CVE-2023-3269, CVSS score: 7.8), it is a #security #bug present in #Linux versions 6.1 through 6.4.
#Details have recently emerged that can allow a #user to gain elevated #privileges on a target #host.
Share this post if you found the news interesting.
#redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #infosecurity
In case you wondered why Linus recently fiddled with the user mode stack expansion code in mainline[1], here is your explanation:
CVE-2023-3269. #LinuxKernel privilege escalation vulnerability – https://www.openwall.com/lists/oss-security/2023/07/05/1
"#StackRot is a #Linux #kernel vulnerability found in the memory management subsystem [of 6.1 - 6.4], it affects almost all configurations and requires minimal capabilities to trigger"
[1] https://git.kernel.org/torvalds/c/9471f1f2f50282b9e8f59198ec6bb738b4ccc009 , which was followed by several fix-up patches in the past week