{"id":257951,"date":"2026-05-28T11:18:00","date_gmt":"2026-05-28T15:18:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/new-linux-cifswitch-kernel-vulnerability-allows-attackers-to-gain-root-access\/"},"modified":"2026-05-28T13:10:08","modified_gmt":"2026-05-28T17:10:08","slug":"new-linux-cifswitch-kernel-vulnerability-allows-attackers-to-gain-root-access","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/new-linux-cifswitch-kernel-vulnerability-allows-attackers-to-gain-root-access\/","title":{"rendered":"New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/linux-cifswitch-kernel-vulnerability\/amp\/\">New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/linux-cifswitch-kernel-vulnerability\/amp\/\">https:\/\/cybersecuritynews.com\/linux-cifswitch-kernel-vulnerability\/amp\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-28 11:18:00<\/a><\/p>\n<p>Source Domain: <a href=\"cybersecuritynews.com\">cybersecuritynews.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">A newly disclosed Linux local privilege escalation (LPE) vulnerability dubbed \u201cCIFSwitch\u201d enables low-privileged users to gain root access by abusing a logic flaw between the Linux kernel CIFS client and the userspace\u00a0cifs-utils\u00a0package.<\/p>\n<p class=\"wp-block-paragraph\">The bug was discovered by security researcher\u00a0Asim Manizada, who has published a detailed technical write-up and PoC to help defenders assess their exposure and validate patches.<\/p>\n<p class=\"wp-block-paragraph\">The issue stems from improper validation of key descriptions in the\u00a0cifs.spnego\u00a0key type, allowing unprivileged users to impersonate trusted kernel requests and trigger privileged operations.<\/p>\n<h2
id=\"h-linux-cifswitch-kernel-vulnerability\" class=\"wp-block-heading\"><strong>Linux CIFSwitch Kernel Vulnerability<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The vulnerability was found using an AI-assisted, multihop reasoning approach that builds and walks semantic graphs of security-relevant objects and flows, enabling the chaining of subtle logic flaws into a practical exploit.<\/p>\n<p class=\"wp-block-paragraph\">The advisory was disclosed after an embargo coordinated with Linux distributions, and upstream kernel patches are already available. <\/p>\n<p class=\"wp-block-paragraph\">CIFS\/SMB is a widely used Windows-style network filesystem protocol on Linux. In this architecture, the kernel CIFS client handles core filesystem operations.<\/p>\n<p class=\"wp-block-paragraph\">At the same time, Kerberos\/SPNEGO authentication is delegated to a root-privileged userspace helper,\u00a0cifs.upcall, provided by\u00a0cifs-utils.<\/p>\n<p class=\"wp-block-paragraph\">The interaction uses Linux keyrings: the kernel calls\u00a0request_key()\u00a0for a\u00a0cifs.spnego\u00a0key, passing a trusted description string that encodes parameters such as server, UID, credential UID, PID, and namespace target.<\/p>\n<p class=\"wp-block-paragraph\">The\u00a0\/sbin\/request-key\u00a0policy then launches\u00a0cifs.upcall\u00a0as root to process that request.<\/p>\n<p class=\"wp-block-paragraph\">Manizada\u2019s research showed that the kernel did not verify whether the\u00a0cifs.spnego\u00a0key description actually originated from the CIFS subsystem before being treated as trusted.<\/p>\n<p class=\"wp-block-paragraph\">This omission allows any unprivileged process to directly invoke\u00a0request_key(\u201ccifs.spnego\u201d, , \u2026).<\/p>\n<p class=\"wp-block-paragraph\">Because the key type is\u00a0cifs.spnego, the default request-key rule still&#8230;<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/linux-cifswitch-kernel-vulnerability\/amp\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access https:\/\/cybersecuritynews.com\/linux-cifswitch-kernel-vulnerability\/amp\/ Publish Date:
2026-05-28&#8230;<\/p>\n","protected":false},"author":1,"featured_media":257953,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"http:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/05\/New-Linux-CIFSwitch-Kernel-Vulnerability-Allows-Low-privileged-Users-to-Gain-root-Access.webp","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[31,89,71,57,27],"class_list":["post-257951","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-exploit","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257951"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=257951"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257951\/revisions"}],"predecessor-version":[{"id":257956,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257951\/revisions\/257956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/257953"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=257951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=257951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=257951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}