CIFSwitch Vulnerability in Linux Allows Root Access via CIFS Exploit

A local privilege escalation vulnerability named 'CIFSwitch' has been discovered in the Linux kernel, enabling low-privileged users to gain root access. This flaw affects multiple Linux distributions that use vulnerable versions of the kernel's CIFS and cifs-utils. The vulnerability arises from the kernel's failure to verify the origin of cifs.spnego key requests, allowing attackers to forge requests. Distributions such as Ubuntu, Debian, and openSUSE are confirmed to be vulnerable under default configurations. A patch has been released to address the issue by validating request origins. The researcher, Asim Manizada, has provided a detailed technical report and proof of concept to aid in assessing exposure. Exploitation depends on several factors, including kernel and cifs-utils versions and specific security policies. Some distributions, including Amazon Linux 2 and certain versions of Kali Linux, are not affected due to their cifs-utils versions lacking the necessary functionality.

Key Points: • CIFSwitch vulnerability allows root access via forged CIFS authentication requests. • Multiple Linux distributions, including Ubuntu and Debian, are affected by this flaw. • A patch has been released to fix the vulnerability by validating request origins.