Andrei Datcu wrote on 24/07/2023:
> Hello!
> 
> This is my first submission and as such I would like to report a 
> vulnerability: CVE-2023-3269, named "Stack Rot".
> 
> This is a flaw in the handling of stack expansion. I won't go into too many 
> details, as I am a Linux sysadmin, not a programmer, and I will leave sources 
> below from the discoverer of this vulnerability and the git merge message 
> that Linus Torvalds published.
> An unprivileged local user could use this flaw to compromise the kernel and 
> escalate their privileges. On June 28th, during the merge window for Linux 
> kernel 6.5, the fix was merged into Linus' tree.
> The patches were also backported to stable kernel (6.1.37, 6.3.11 and 6.4.1), 
> so the bug was resolved since July 1st. However, in my testing of Mantic 
> Minotaur, the daily build from 24072023, I have noticed that the kernel it 
> was using was version 6.3.0-7. And I haven't seen any submissions regarding 
> this on lists.ubuntu.com, so I decided to post it here to, hopefully, apply 
> the patch to the kernel.

Hello, the CVE is known already, how it affects Ubuntu is tracked here:

https://ubuntu.com/security/CVE-2023-3269

https://launchpad.net/bugs/cve/CVE-2023-3269

Please note that this mailing list is not the right channel to report
security issues in Ubuntu. Better ways are:

- Report a bug against the relevant Ubuntu package, setting the
information type to "Public Security" or "Private Security".

- Directly email the security team. See the "How to report an issue to
us" section here: https://ubuntu.com/security/disclosure-policy.

Thanks,

Paride

-- 
Ubuntu-quality mailing list
Ubuntu-quality@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-quality
