From Linux 6.1 to 6.5, a patch has been included to fix the StackRot vulnerability

Vulnerability in Linux

Whatever operating system we use, it is always worth keeping it up to date. Make no mistake, though: this does not mean you have to use one that ships the very latest packages. Some distributions use slightly older software and take care of applying patches themselves, backporting everything important. One example is the kernel, which this week received a major patch covering Linux versions from 6.1 to 6.5.

Right now, Linux 6.5 has not even seen its first Release Candidate published, but its changes already include a patch that fixes a vulnerability disclosed under the name StackRot. StackRot is a privilege escalation vulnerability in Linux that had not been talked about until a few hours ago. It affects Linux 6.1 and later, so the kernel maintainers released the patch without making much noise. The versions that arrived last week are not affected.

Upgrade your Linux 6.1+ when possible

StackRot does its work inside the memory management code, so it is exposed in a wide range of configurations of the affected kernels. The worst part is that the vulnerability has existed since September 2022, when the VMA tree was moved to the Maple Tree structure. The versions that fix the bug are Linux 6.1.137, 6.3.11, 6.4.1 and the 6.5 release that is now receiving requests. Linux 6.2 is no longer supported, so it is not listed.

In most cases, Linux distributions will push new kernel versions or apply their own patches based on those of the official versions. Those who have installed the kernel on their own should update as soon as possible.

More information.



  1.   Miguel Rodriguez said

    WTF?! Has it existed since September 2023 when we are in July 2023? It must be the work of the Reverse Flash, alias Ezra Miller...