Wednesday Greg Kroah-Hartman announced the release of the 6.4.2 kernel. “All users of the 6.4 kernel series should upgrade.”
The Hacker News reports:
Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.
“As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger,” Peking University security researcher Ruihan Li said. “However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.”
Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.
ZDNet points out that Linux 6.4 “offers improved hardware enablement for ARM boards” and does a better job with the power demands of Steam Deck gaming devices. And “On the software side, the Linux 6.4 release includes more upstreamed Rust code. We’re getting ever closer to full in-kernel Rust language support.”
The Register also notes that Linux 6.4 also includes “the beginnings of support for Apple’s M2 processors,” along with support for hibernation of RISC-V CPUs, “a likely presage to such silicon powering laptop computers.”
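For triaging hosts against the StackRot ranges quoted above (affected: 6.1 through 6.4; fixed in 6.1.37, 6.3.11 and 6.4.1), here is an added example, not code from the kernel project or the cited articles, that classifies `uname -r` style strings. The function names, status labels and sample release strings are assumptions made for illustration.

```python
import re

# Fixed stable releases per branch, as stated in the article.
FIXED_PATCHLEVEL = {(6, 1): 37, (6, 3): 11, (6, 4): 1}
AFFECTED_MIN = (6, 1)   # "Linux versions 6.1 through 6.4"
AFFECTED_MAX = (6, 4)


def parse_release(release):
    """Parse a 'uname -r' style string, e.g. '6.3.9-arch1-1' or '6.4-rc7'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    # A missing patch level (e.g. '6.4-rc7') is treated as .0
    return int(major), int(minor), int(patch or 0)


def stackrot_status(release):
    """Classify a release string against the versions given in the article.

    Returns one of (labels are hypothetical):
      'not-affected'  branch is outside 6.1 through 6.4
      'patched'       at or above the fixed stable release of its branch
      'needs-update'  affected branch, below the fixed stable release
      'no-fix-listed' affected branch for which the article names no fix
    Distribution kernels may backport fixes without changing the upstream
    version number, so 'needs-update' means "check the vendor advisory".
    """
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < AFFECTED_MIN or branch > AFFECTED_MAX:
        return "not-affected"
    fixed = FIXED_PATCHLEVEL.get(branch)
    if fixed is None:
        return "no-fix-listed"
    return "patched" if patch >= fixed else "needs-update"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    for rel in ["5.15.0-76-generic", "6.1.36", "6.1.37", "6.2.16",
                "6.3.9-arch1-1", "6.4-rc7", "6.4.2"]:
        print(f"{rel:20} {stackrot_status(rel)}")
```
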