The migration of VMA (Virtual Memory Area) management in the Linux 6.1 kernel from the "Red-Black Tree" data structure to the "Maple Tree" introduced a vulnerability (CVE-2023-3269) that allows an unprivileged user to execute arbitrary code with kernel privileges. The vulnerability, known as StackRot, affects Linux kernel 6.1 and is fixed in releases 6.4.1, 6.3.11, and 6.1.37. Details of the vulnerability can be found here.
The vulnerability is caused by an error in the stack expansion handling of the "Maple Tree" structure that the kernel uses to manage virtual memory areas. During stack expansion a node of the tree is replaced without properly holding the write lock, so a concurrent reader can still reach the memory area after it has been freed (use-after-free). "Maple Tree" replaced the traditional "Red-Black Tree" because it makes better use of the caches in modern processors, which improves performance.
Exploiting the vulnerability was complicated by the fact that "Maple Tree" nodes are freed with a delay, through RCU (Read-Copy-Update) callbacks. Nevertheless, researchers have developed a working exploit, which they plan to disclose at the end of July to give users enough time to update their systems. The exploit works on almost all kernel configurations and requires only minimal privileges.
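As an added example (not code from the original post or from the StackRot researchers), the following check classifies a `uname -r` string against the fixed releases the post names. It assumes that versions before 6.1 are unaffected, that mainline releases from 6.5 onward carry the fix, and that a branch with no fix listed (such as 6.2) is reported as unknown; the function names are my own.

```python
import re
from typing import Tuple

# Fixed releases named in the post for CVE-2023-3269 (StackRot), keyed by stable branch.
FIXED_IN = {
    (6, 1): (6, 1, 37),
    (6, 3): (6, 3, 11),
    (6, 4): (6, 4, 1),
}
# The post names 6.1 as the first affected kernel (Maple Tree VMA management).
FIRST_AFFECTED = (6, 1, 0)


def parse_kernel_version(release: str) -> Tuple[int, int, int]:
    """Parse a `uname -r` string such as '6.1.36-1-amd64' into (major, minor, patch)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    patch = m.group(3) or "0"          # '6.4.0-rc1' and '6.4' both map to patch 0
    return int(m.group(1)), int(m.group(2)), int(patch)


def stackrot_status(release: str) -> str:
    """Return 'fixed', 'vulnerable', 'not_affected' or 'unknown' for a kernel release."""
    ver = parse_kernel_version(release)
    if ver < FIRST_AFFECTED:
        return "not_affected"            # older than 6.1: Red-Black Tree VMA code
    branch = ver[:2]
    if branch in FIXED_IN:
        return "fixed" if ver >= FIXED_IN[branch] else "vulnerable"
    if ver >= (6, 5, 0):
        return "fixed"                   # assumption: mainline after 6.4.1 includes the fix
    return "unknown"                     # e.g. 6.2.x: no fixed release named on the page


if __name__ == "__main__":
    # Constructed sample inputs, not real host data.
    for sample in ("6.1.36-1-amd64", "6.1.37", "6.4.0", "6.4.1", "6.2.16", "5.15.0-76-generic"):
        print(f"{sample:20s} -> {stackrot_status(sample)}")
```

Distribution kernels frequently backport fixes without changing the upstream version string, so a "vulnerable" result from this check should be confirmed against the vendor's changelog before acting on it.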