{"id":259605,"date":"2026-05-30T10:16:00","date_gmt":"2026-05-30T14:16:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/30\/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions\/"},"modified":"2026-05-30T10:40:17","modified_gmt":"2026-05-30T14:40:17","slug":"new-cifswitch-linux-flaw-gives-root-on-multiple-distributions","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/30\/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions\/","title":{"rendered":"New CIFSwitch Linux flaw gives root on multiple distributions"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions\/\">New CIFSwitch Linux flaw gives root on multiple distributions<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions\/<\/a><\/p>\n<p>Publish Date: 2026-05-30 10:16:00<\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p>A newly discovered local privilege escalation vulnerability dubbed &#8216;CIFSwitch&#8217; in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel&#8217;s key request mechanism, and gain root privileges.<\/p>\n<p>The issue impacts multiple Linux distributions that ship vulnerable combinations of the kernel CIFS and cifs-utils (versions 6.14 and higher, although some older variants are also affected).<\/p>\n<p>CIFS (Common Internet File System) is a networking protocol that allows access to files, folders, and devices across a local network. 
Linux uses it to mount, read, and write data from remote systems.<\/p>\n<p>If a CIFS network share uses Kerberos for authentication, the Linux kernel asks a helper program in user space to perform authentication, with the cifs-utils collection of user-space tools serving as the intermediary.<\/p>\n<p>&#8220;The kernel requests a cifs.spnego-type key, and the normal keyutils\/request-key config runs cifs.upcall as root to fetch or build the Kerberos\/SPNEGO material,&#8221; explains Asim Viladi Oglu Manizada, a SpaceX security engineer who discovered and named the CIFSwitch privilege escalation vulnerability in Linux.<\/p>\n<p>The researcher says that the problem consists of the Linux kernel&#8217;s CIFS subsystem failing to verify that cifs.spnego key requests originate from the kernel&#8217;s CIFS client.<\/p>\n<p>As a result, an unprivileged user can create a forged cifs.spnego request and trigger the normal authentication workflow.<\/p>\n<p>A cifs.spnego key request is used by the Linux keyring subsystem to obtain authentication data needed by the CIFS\/SMB client when connecting to a network share using Kerberos\/SPNEGO authentication.<\/p>\n<p>The flaw allows the root-privileged cifs.upcall helper to trust attacker-controlled fields that it assumes were generated by the kernel.<\/p>\n<p>By abusing these fields to force a namespace switch and then triggering a Name Service Switch (NSS) lookup before privileges are dropped, a local attacker can load a malicious NSS module and&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New CIFSwitch Linux flaw gives root on multiple distributions https:\/\/www.bleepingcomputer.com\/news\/security\/new-cifswitch-linux-flaw-gives-root-on-multiple-distributions\/ Publish Date: 2026-05-30 10:16:00 
Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":259607,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2025\/06\/18\/Linux_tux.jpg","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[89,71,57,27],"class_list":["post-259605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259605"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=259605"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259605\/revisions"}],"predecessor-version":[{"id":259609,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/259605\/revisions\/259609"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/259607"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=259605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=259605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=259605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}