Discover Linux Devices Vulnerable to CVE-2023-3269 "StackRot"
Linux has released a security update to address the StackRot vulnerability that affects Linux kernel versions 6.1 through 6.4. The bug can be triggered with minimal capabilities and allows a user to compromise the kernel and elevate privileges. So far there are no signs of the flaw being exploited in the wild. Full details about the issue along with a complete exploit code are expected to be made public by the end of the month. The issue has been fixed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1. All users are advised to update any vulnerable devices as soon as possible. You can find more information in our Linux "StackRot" Vulnerability blog post.
To help you locate vulnerable Linux devices, the report below will give you an overview of all devices running versions 6.1 through 6.4. This way you have an actionable list of installs that may need your intervention.
Linux "StackRot" Kernel Vulnerability Audit Lansweeper On-Prem Query
Select Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tblAssets.Username, tblAssets.Userdomain, Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon, tblAssets.IPAddress, tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tblLinuxSystem.osrelease, tblLinuxSystem.kernelrelease, Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors, tblAssets.Lastseen, tblAssets.Lasttried From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID inner join tblLinuxSystem on tblLinuxSystem.AssetID = tblassets.AssetID Inner Join tblState On tblState.State = tblAssetCustom.State Left Join tsysOS On tsysOS.OScode = tblAssets.OScode Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID, Max(tblErrors.Teller) As ErrorID From tblErrors Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID = ScanningError.ID Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType Where (tblLinuxSystem.kernelrelease like '6.1%' or tblLinuxSystem.kernelrelease like '6.2%' or tblLinuxSystem.kernelrelease like '6.3%' or tblLinuxSystem.kernelrelease like '6.4%') and tblState.Statename = 'Active' Order By tblAssets.Domain, tblAssets.AssetName