Linux StackRot vulnerability results in privilege escalation

Target Industry

Indiscriminate, opportunistic targeting.


Multiple Linux versions are affected by a vulnerability tracked as CVE-2023-3269 (CVSSv3 score: 7.8), also named ‘StackRot’, that results in the compromise of the kernel and the subsequent elevation of privileges.

A security researcher has disclosed that the flaw pertains to the kernel’s memory management subsystem, a component involved with the following features:

  • Implementing virtual memory and demand paging
  • Allocating memory for the kernel’s own requirements and for user-space programs
  • Mapping files into the address space of processes.

The researcher also stated that the complete technical details regarding a StackRot proof-of-concept (PoC) exploit would be released by the end of July.


Successful exploitation of CVE-2023-3269 could allow an unprivileged threat actor to compromise the kernel and escalate their privileges, resulting in the attainment of unauthorised control over target system operations.

Vulnerability Detection

A security patch was released on 1st July for the affected product versions, the details of which are expected to be released by the end of July 2023. As such, previous versions are vulnerable to potential exploitation.

Affected Products

All kernel configurations on Linux versions 6.1 through 6.4.

Containment, Mitigations & Remediations

Until the patch details are released, it is strongly recommended that users determine which kernel version their Linux distribution runs and move either to a version that is not affected by StackRot or to an updated release that contains the remediation.
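The version check recommended above can be scripted across an inventory of hosts. The following is an added example, not part of the original bulletin or any vendor tooling; the host names and release strings are constructed samples, and the only range used is the 6.1 through 6.4 range stated under Affected Products.

```shell
#!/bin/sh
# Added example: kernel release triage for CVE-2023-3269 (StackRot).
# The range 6.1 through 6.4 is the one stated in this bulletin.

# classify_kernel RELEASE -> prints in-range, out-of-range or unparsed
classify_kernel() {
    rel=$1
    case "$rel" in *.*) ;; *) echo unparsed; return 0 ;; esac
    major=${rel%%.*}             # "6.1.0-9-amd64" -> "6"
    rest=${rel#*.}               # -> "1.0-9-amd64"
    minor=${rest%%[!0-9]*}       # -> "1" (digits up to first non-digit)
    case "$major" in ''|*[!0-9]*) echo unparsed; return 0 ;; esac
    [ -n "$minor" ] || { echo unparsed; return 0; }
    # Numeric comparison, so 6.10 is not mistaken for 6.1 by a prefix match.
    if [ "$major" -eq 6 ] && [ "$minor" -ge 1 ] && [ "$minor" -le 4 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# triage_inventory: reads "HOST RELEASE" lines on stdin and prints every host
# that is in range or could not be parsed, i.e. the ones needing follow-up.
triage_inventory() {
    while read -r host rel; do
        [ -n "$host" ] || continue
        status=$(classify_kernel "$rel")
        [ "$status" = out-of-range ] || printf '%s %s %s\n' "$host" "$rel" "$status"
    done
}

# Constructed sample inventory (hypothetical hosts), e.g. collected with `uname -r`.
SAMPLE_INVENTORY='web01 6.1.0-9-amd64
db01 5.15.0-76-generic
build02 6.4.0-rc7
edge03 6.10.2
lab04 custom-kernel'

# "in-range" means "check the distribution's advisory for CVE-2023-3269":
# vendors backport fixes, so the release string alone does not prove exposure.
printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory
echo "localhost $(uname -r) $(classify_kernel "$(uname -r)")"
```

Hosts reported as `unparsed` should be checked by hand rather than assumed safe.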

Threat Landscape

Linux occupies a significant proportion of the server and desktop operating system market. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to develop exploits for, Linux products have emerged as a prime target. Because Linux products have become integral to business operations, threat actors will continue to exploit vulnerabilities in them in an attempt to exfiltrate the sensitive data they contain or to impact associated business operations.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

MITRE Methodologies


TA0004 – Privilege Escalation

Further Information

Ruihan Li Security Research

Security Online StackRot Analysis

