New 'SLUBStick' Vulnerability Puts Millions of Linux Systems at Risk of Full Compromise

August 3, 2024
  • A severe vulnerability known as 'SLUBStick' has been discovered in recent Linux kernel versions, potentially allowing attackers to gain full control over affected systems.

  • SLUBStick is a novel Linux kernel cross-cache attack that boasts a remarkable 99% success rate in exploiting heap vulnerabilities for arbitrary memory read and write capabilities.

  • This attack improves upon existing cross-cache techniques, which typically achieve only a 40% success rate, by utilizing timing side channels to predict memory allocation and deallocation.

  • By leveraging the SLUB memory allocator, SLUBStick performs highly reliable cross-cache attacks that are particularly effective against commonly used memory caches.

  • The attack affects Linux kernel versions 5.19 and 6.2, allowing unprivileged users to elevate their privileges and escape container environments.

  • SLUBStick enables privilege escalation to root level, allowing attackers to perform unrestricted operations and to break out of sandboxed environments to access the host system.

  • While SLUBStick requires local access and the presence of heap vulnerabilities, it allows attackers to escalate privileges, bypass kernel defenses, and perform container escapes.

  • The attack has been demonstrated to be effective against nine real-world Linux vulnerabilities, achieving privilege escalation and container escape even with modern kernel defenses enabled.

  • SLUBStick exploits flaws in the Linux kernel's memory management system, manipulating memory chunks called 'slabs' through cross-cache attacks.

  • Security expert John Smith warns that this technique transforms minor memory bugs into full system compromises with high reliability.

  • This discovery underscores the ongoing challenges in securing complex operating systems like Linux, which is widely used across various devices from servers to embedded systems.

  • Researchers suggest mitigations such as randomizing allocator caches and hardening page table access, though a complete solution may require fundamental changes to kernel memory management.

Summary based on 2 sources


Sources

Linux kernel impacted by new SLUBStick cross-cache attack