Bug 2215268 (CVE-2023-3269) - CVE-2023-3269 kernel: distros-[DirtyVMA] Privilege escalation via non-RCU-protected VMA traversal
Summary: CVE-2023-3269 kernel: distros-[DirtyVMA] Privilege escalation via non-RCU-pro...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2023-3269
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2219916 2221550 2221551 2221552 2221553 2221554 2221555 2221556 2221557 2221558
Blocks:
Reported: 2023-06-15 09:04 UTC by Rohit Keshri
Modified: 2023-07-17 14:28 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
Clone Of:
Environment:
Last Closed: 2023-07-05 23:01:17 UTC
Embargoed:



Description Rohit Keshri 2023-06-15 09:04:00 UTC
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. 

The BUG is introduced in conjunction with the introduction of the maple tree in kernel v6.1.

The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues.

Upstream fix:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9471f1f2f50282b9e8f59198ec6bb738b4ccc009

Comment 1 Guilherme de Almeida Suckevicz 2023-07-05 18:35:25 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2219916]

Comment 2 Product Security DevOps Team 2023-07-05 23:01:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-3269

Comment 3 Rohit Keshri 2023-07-07 15:30:52 UTC
There was no shipped RHEL kernel seen affected with this problem.

The StackRot vulnerability has been present in the Linux kernel since version 6.1 when the VMA tree structure was changed from red-black trees to maple trees.
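
Added example, not part of the bug report or of any Red Hat tooling: a triage helper that sorts kernel release strings by the one boundary this report gives (the maple tree arrived in v6.1) and points at the upstream fix commit linked in the description. The function name, the output labels and the sample release strings are assumptions made for illustration, and it assumes no vendor has backported the maple tree to a pre-6.1 base.

```sh
#!/bin/sh
# Added triage example; not from the bug report or any Red Hat tooling.
# Assumption: no vendor has backported the maple tree to a pre-6.1 base.

# Upstream fix commit linked in the bug description.
FIX_COMMIT=9471f1f2f50282b9e8f59198ec6bb738b4ccc009

# classify_kernel RELEASE prints one of (labels are hypothetical):
#   predates-maple-tree  base version older than 6.1, before the flawed code existed
#   verify-fix           base version 6.1 or newer, so the fix must be confirmed
#   unparsed             release string does not begin with MAJOR.MINOR
classify_kernel() {
    rel=$1
    case $rel in
        [0-9]*.[0-9]*) ;;
        *) echo unparsed; return 0 ;;
    esac
    major=${rel%%.*}             # text before the first dot
    rest=${rel#*.}               # text after the first dot
    minor=${rest%%[!0-9]*}       # leading digits of that remainder
    case $major in
        *[!0-9]*) echo unparsed; return 0 ;;
    esac
    [ -n "$minor" ] || { echo unparsed; return 0; }
    # Integer comparison on each component, not a string comparison.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 1 ]; }; then
        echo verify-fix
    else
        echo predates-maple-tree
    fi
}

# Constructed sample release strings; pass real ones, e.g. "$(uname -r)", as arguments.
[ "$#" -gt 0 ] || set -- 4.18.0-0.el8.x86_64 5.14.0-0.el9.x86_64 6.1.0 6.3.8-0.fc38.x86_64
for rel in "$@"; do
    printf '%s\t%s\n' "$rel" "$(classify_kernel "$rel")"
done
echo "verify-fix: confirm the build's changelog or source carries the upstream fix, commit $FIX_COMMIT"
```

A `verify-fix` result is not a finding of exposure; it only means the version number alone cannot rule the kernel out.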

