CVE-2023-3269
HIGH EXPLOITED
Linux Kernel >=6.1 <6.1.37 - Use-After-Free in VMA Lock Handling
Title source: llm
Exploitation Summary
CVE-2023-3269 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including lrh2000.
AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2023-3269 (StackRot), a Linux kernel privilege escalation vulnerability affecting versions 6.1 through 6.4. The exploit leverages a use-after-free issue in the maple tree implementation to achieve local privilege escalation.
Description
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
Exploits (1)
References (9)
Scores
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H