A newly disclosed Linux flaw called CIFSwitch can let a normal local user take full control of an affected system. The bug is a local privilege-escalation issue in the Linux kernel CIFS subsystem and cifs-utils, where forged cifs.spnego key requests can make the root-run cifs.upcall helper trust attacker-controlled data and load a malicious NSS module. The researcher says vulnerable combinations affect multiple distributions, published a proof-of-concept exploit, and points to upstream fix commit 3da1fdf.
Why it matters: This matters for multi-user Linux systems and enterprise fleets because a user or attacker who already has limited access may be able to become root. Organizations should identify affected distributions, apply vendor kernel updates, and consider mitigations such as disabling unprivileged user namespaces or removing unused CIFS components.
Ionut Arghire
2026.06.01
96% relevant
This article is a direct update on the same CIFSwitch Linux kernel privilege-escalation flaw, adding that PoC exploit code has now been released and summarizing affected and non-affected distributions plus the root cause involving the CIFS subsystem and cifs.upcall.
Bill Toulas
2026.05.30
100% relevant
This article appears to establish a new tracked event: the public disclosure of the CIFSwitch Linux privilege-escalation flaw, including affected distributions, mitigation guidance, and a released proof-of-concept.
← Back to all stories