

StackRot Vulnerability in Linux Kernel Leads to Privilege Escalation

By Laura Libeer


On the 1st of July, Linux released a patch addressing the serious vulnerability dubbed StackRot that affects Linux versions 6.1 through 6.4. So far there is no evidence that the vulnerability has been exploited in the wild. If exploited, the flaw could allow an unprivileged local user to gain elevated privileges on a target host. This could in turn compromise critical data and systems. We have added a report to Lansweeper to help you locate at-risk devices.


StackRot (CVE-2023-3269) is a Linux kernel vulnerability in the memory management subsystem. It impacts all kernel configurations on Linux versions 6.1 through 6.4 and requires minimal capabilities to trigger. It received a CVSS score of 7.8. A responsible disclosure was made available on June 15th.

Specifically, StackRot is a use-after-free bug in the handling of the maple tree, the data structure that manages and stores virtual memory areas (VMAs). The maple tree replaced the red-black tree (rbtree) in Linux kernel 6.1. StackRot takes advantage of the fact that the maple tree can undergo node replacement without properly acquiring the MM write lock.

Update Vulnerable Linux Devices

As of July 1st, StackRot has been fixed in Linux stable versions 6.1.37, 6.3.11, and 6.4.1. To protect your network, update any vulnerable devices as soon as possible. There is no evidence of the vulnerability being exploited in the wild yet. However, full details about the issue, along with complete exploit code, are expected to be made public by the end of the month.

Discover Vulnerable Linux Devices

Our technical team has put together a new report to help you locate vulnerable devices in your network. It lists all Linux devices in your network that are still on versions 6.1 through 6.4, giving you an actionable list of devices that may still need your intervention. You can get to the report via the link below.
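
For hosts you can reach from a shell, the version ranges above can be checked directly. The script below is an added example, not part of the Lansweeper report: the function names, status strings and sample inventory are constructed for illustration. It assumes upstream kernel version numbering, and it flags 6.2.x separately because the fixed versions listed above include no 6.2 release.

```shell
#!/bin/sh
# Added example: classify kernel releases against the StackRot (CVE-2023-3269)
# ranges in the article: affected 6.1 through 6.4, fixed in 6.1.37, 6.3.11, 6.4.1.
# Assumption: upstream numbering. Distribution kernels can carry a backported
# fix under an older number, so confirm "vulnerable" hits with the vendor advisory.

stackrot_status() {
    ver=${1%%[!0-9.]*}            # drop suffixes such as "-generic" or "-rc2"
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                   # split into major, minor, patch
    IFS=$old_ifs
    major=$1 minor=$2 patch=${3:-0}
    if [ "$major" -ne 6 ]; then echo not-affected; return 0; fi
    case $minor in
        1) fixed=37 ;;
        3) fixed=11 ;;
        4) fixed=1 ;;
        2) echo vulnerable-no-fix-listed; return 0 ;;  # no 6.2 fix in the article
        *) echo not-affected; return 0 ;;
    esac
    if [ "$patch" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Read "hostname kernel-release" lines on stdin; print hosts that need action.
audit_inventory() {
    while read -r host rel; do
        [ -n "$host" ] || continue
        status=$(stackrot_status "$rel")
        case $status in
            vulnerable*|unknown) printf '%s %s %s\n' "$host" "$rel" "$status" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical hosts), not data from the article.
audit_inventory <<'EOF'
web01 6.1.36-1-amd64
db01 6.1.37
build02 6.2.16-generic
edge03 6.4.1
legacy04 5.15.0-76-generic
EOF
```

On a single machine, `stackrot_status "$(uname -r)"` classifies the running kernel.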

