On Wednesday, Greg Kroah-Hartman announced the release of the 6.4.2 kernel. “All users of the 6.4 kernel series must upgrade.”
The Hacker News reports:
Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.
“As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger,” Peking University security researcher Ruihan Li said. “However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging.”
Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.
ZDNet points out that Linux 6.4 “provides improved hardware enablement for ARM boards” and does a better job with the power demands of Steam Deck gaming devices. And “On the software side, the Linux 6.4 release includes more upstreamed Rust code. We’re getting ever closer to full in-kernel Rust language support.”
The Register also notes that Linux 6.4 includes “the beginnings of support for Apple’s M2 processors,” along with support for hibernation of RISC-V CPUs, “a likely presage to such silicon powering laptop computers.”