8.5 CRITICAL

New CIFSwitch Linux flaw gives root on multiple distributions

📅 30 May 2026 at 14:16 UTC · 📰 Bleeping Computer

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

A newly discovered local privilege escalation vulnerability, CIFSwitch, allows attackers to forge CIFS authentication key descriptions and gain root privileges on multiple Linux distributions with vulnerable kernel and cifs-utils versions.

⚙️ Technical Details
Affected Systems
- Linux Mint 21.3 / 22.3
- CentOS Stream 9
- Rocky Linux 9
- AlmaLinux 9
- Kali Linux 2021.4–2026.1
- SLES 15 SP7
Attack Vectors
- Abuse of the kernel's key request mechanism
- Forging CIFS authentication key descriptions
- Namespace switch and NSS lookup before privileges are dropped
💥 Impact Assessment
Severity: critical
Who Is at Risk
- Users of affected Linux distributions with vulnerable kernel and cifs-utils versions
🛡️ Recommended Actions
1. Disable or blacklist the CIFS module if unused
2. Remove the cifs-utils package if unnecessary
3. Disable unprivileged user namespaces
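
An added example (not from the Bleeping Computer article or this briefing) that audits a host against the three recommended actions above. It assumes the module is named `cifs`, that `mount.cifs` and `cifs.upcall` are the cifs-utils helpers to look for, and that user namespaces are governed by `user.max_user_namespaces` (0 disables them entirely) or, on Debian-style kernels, `kernel.unprivileged_userns_clone`.

```shell
#!/bin/sh
# Added example: host exposure audit for the three recommended actions.
# Reports configuration only; it does not probe for the flaw and cannot tell
# whether the installed kernel or cifs-utils build is a fixed one.

# True if cifs is listed in a /proc/modules-style file.
cifs_loaded() { grep -q '^cifs ' "${1:-/proc/modules}" 2>/dev/null; }

# True if a modprobe.d file blacklists cifs or overrides its install command.
cifs_blocked() {
    grep -Eqs '^[[:space:]]*(blacklist[[:space:]]+cifs|install[[:space:]]+cifs[[:space:]]+/bin/(false|true))[[:space:]]*$' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# True if a cifs-utils helper binary exists under any given directory
# (the default directories are typical install locations, an assumption).
cifs_utils_present() {
    [ $# -gt 0 ] || set -- /sbin /usr/sbin /usr/bin
    for d in "$@"; do
        [ -e "$d/mount.cifs" ] || [ -e "$d/cifs.upcall" ] || continue
        return 0
    done
    return 1
}

# True unless one of the two sysctl files reads 0.
userns_open() {
    max=$(cat "${1:-/proc/sys/user/max_user_namespaces}" 2>/dev/null) || max=
    clone=$(cat "${2:-/proc/sys/kernel/unprivileged_userns_clone}" 2>/dev/null) || clone=
    if [ "$max" = 0 ] || [ "$clone" = 0 ]; then return 1; fi
    return 0
}

# Print one line per mitigation; exit status is the number still open.
audit() {
    open=0
    if cifs_loaded; then echo "OPEN  cifs module is loaded"; open=$((open+1))
    elif cifs_blocked; then echo "OK    cifs module blocked in modprobe.d"
    else echo "OPEN  cifs not loaded but not blacklisted"; open=$((open+1)); fi
    if cifs_utils_present; then echo "OPEN  cifs-utils helpers installed"; open=$((open+1))
    else echo "OK    cifs-utils helpers not found"; fi
    if userns_open; then echo "OPEN  unprivileged user namespaces enabled"; open=$((open+1))
    else echo "OK    unprivileged user namespaces disabled"; fi
    return "$open"
}

case "${1:-}" in --audit) audit ;; esac
```

Run it with `--audit`; the exit status is the number of recommended actions not yet applied on the host.
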
📦 Affected Products
- Linux Mint
- CentOS Stream
- Rocky Linux
- AlmaLinux
- Kali Linux
- SLES

This is a curated summary. The complete article is available at Bleeping Computer.
