"A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges."
Assuming that local user access is simply impossible is a problem. But assuming that local user access means you're already fucked can be pretty damn honest. And sysadmins are the people who will know this the best.
Yes. If somebody can log in to a machine which they shouldn’t, local exploits are the least of our concerns, because this means we have bigger failures in many layers up to that point.
> It is already used in the most critical applications that require levels of assurance only seL4 can provide.
This sounds to me like embedded control systems (airplanes, life support, etc.), not production servers for everyday internet services.
seL4 isn't exactly an everyday pull from a security toolkit though? It's like an entire paradigm. You build a business around the fact that you use seL4, you don't pull it off the shelf for an internet server.
In order to make a pie from scratch you must first create the universe. That's seL4.
Yes you're right. This doesn't mean I ignore vulnerabilities and play PacMan. Instead, I harden my systems first, observe and patch my systems second, and play PacMan then.
Jokes aside, we never take vulnerabilities lightly. However, we stick to our best practices and yet stay diligent.
"A flaw was found in the handling of stack expansion in the Linux kernel 6.1 through 6.4, aka "Stack Rot". The maple tree, responsible for managing virtual memory areas, can undergo node replacement without properly acquiring the MM write lock, leading to use-after-free issues. An unprivileged local user could use this flaw to compromise the kernel and escalate their privileges."