
The "StackRot" kernel vulnerability

Ruihan Li has disclosed a significant vulnerability introduced into the 6.1 kernel:

A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges.

As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger. However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.

The disclosure contains a detailed description of the problem. Fixes have been merged into the mainline and the 6.4.1, 6.3.11, and 6.1.37 stable kernel updates.
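
The disclosure gives an affected version range and three fixed stable releases, which is enough for a quick "is this kernel in range" triage. The script below is an added example, not code from the disclosure or from the kernel tree: it parses a `uname -r` style string and compares it against the fixed releases the page lists (6.4.1, 6.3.11, 6.1.37), treating 6.2.y as unfixed because no fixed 6.2 release is listed. It assumes an upstream version string; distribution kernels routinely backport fixes without changing the version number, so for those the vendor's advisory, not this check, is authoritative.

```python
import re
import subprocess

# Fixed stable releases named in the disclosure: 6.4.1, 6.3.11, 6.1.37.
# Keyed by minor version within the 6.x series. 6.2.y has no entry because
# the page lists no fixed 6.2 release; 6.5 and later carry the mainline fix.
FIXED_STABLE = {1: 37, 3: 11, 4: 1}


def parse_kernel_version(release: str):
    """Return (major, minor, patch) from a release string such as '6.1.36-generic'.

    A missing patch component (e.g. '6.4') is read as 0, which is how a
    fresh mainline release reports itself before its first stable update.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release: str) -> bool:
    """True if an upstream kernel with this version is in the StackRot range.

    Affected: 6.1 through 6.4, except releases at or above the fixed
    stable versions. Anything outside 6.1..6.4 is reported as unaffected:
    the maple tree VMA code arrived in 6.1, and the mainline fix precedes 6.5.
    """
    major, minor, patch = parse_kernel_version(release)
    if major != 6 or minor < 1 or minor > 4:
        return False
    fixed_patch = FIXED_STABLE.get(minor)
    if fixed_patch is None:
        return True  # 6.2.y: no fixed stable release listed on the page
    return patch < fixed_patch


def assess(release: str) -> str:
    """Human-readable verdict for one release string."""
    if is_affected(release):
        return (f"{release}: within the StackRot-affected range for upstream "
                f"kernels; update to a fixed release (6.4.1, 6.3.11, 6.1.37 or later)")
    return f"{release}: outside the affected range (upstream versions only)"


def check_running_kernel() -> str:
    """Run the check against the kernel this script is executing on."""
    release = subprocess.run(["uname", "-r"], capture_output=True,
                             text=True, check=True).stdout.strip()
    return assess(release)


if __name__ == "__main__":
    print(check_running_kernel())
    print("Note: distribution kernels may carry a backported fix under an "
          "older version number; consult the vendor advisory for those.")
```

The version parser is deliberately lenient about suffixes (`-generic`, `-arch1-1`, `-rc7`) so it copes with the strings real systems report, and it keeps the verdict in a returned string rather than only printing it, so the same function can feed an inventory script.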


Copyright © 2023, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds