A newly disclosed Linux kernel privilege escalation flaw called CIFSwitch can let unprivileged attackers forge CIFS authentication requests and gain root access through the kernel key request path. The issue affects multiple Linux distributions under certain configurations, and a patch plus mitigations such as disabling CIFS, removing cifs-utils, and restricting user namespaces are recommended. #CIFSwitch #cifs-utils #LinuxKernel
Keypoints
- CIFSwitch is a local privilege escalation flaw in the Linux kernel CIFS subsystem.
- Attackers can forge cifs.spnego requests and abuse the key request mechanism.
- The bug can lead to root code execution through a malicious NSS module load.
- Multiple Linux distributions are affected when vulnerable kernel and cifs-utils versions are installed.
- A kernel patch now validates request origins, and users are advised to reduce exposure by disabling CIFS and user namespaces.