Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New Linux Kernel Flaw ‘CIFSwitch’ Threatens Security

New Linux Kernel Flaw ‘CIFSwitch’ Threatens Security

Posted on May 28, 2026 By CWS

A recent vulnerability in the Linux kernel, identified as ‘CIFSwitch’, poses a significant security risk by allowing low-privileged users to obtain root access. This issue arises from a logic flaw between the Linux kernel’s CIFS client and the userspace cifs-utils package.

Discovery and Technical Details

The vulnerability was uncovered by security researcher Asim Manizada, who has provided a detailed analysis and proof-of-concept (PoC) to aid in the assessment of exposure and validation of patches. The problem originates from inadequate validation of key descriptions in the CIFS.Spnego key type, enabling unprivileged users to impersonate privileged kernel requests.

An AI-assisted, multihop reasoning approach was used to discover the flaw, which involves creating semantic graphs of security-relevant objects and flows. This technique allows for the chaining of minor logic flaws into an effective exploit.

Impact and Exploitation

The vulnerability was disclosed following an embargo with Linux distributions, and kernel patches are now available. CIFS/SMB, a Windows-style network filesystem protocol on Linux, is affected, as the kernel CIFS client handles essential filesystem operations while Kerberos/SPNEGO authentication is managed by the root-privileged cifs-upcall provided by cifs-utils.

The kernel’s request_key() call for CIFS.Spnego keys passes a trusted description string with server, UID, PID, and namespace target parameters. However, Manizada’s research revealed that the kernel did not ensure the origin of these descriptions before treating them as trusted.

Security Measures and Recommendations

Exploitation requires a vulnerable kernel, a compatible cifs-utils version, and unprivileged user namespace creation. Many mainstream Linux distributions have been found vulnerable out-of-the-box when cifs-utils is present, while others require adjustments to Linux Security Module (LSM) policies.

The kernel patch introduces a vet_description hook for the CIFS.Spnego key type to verify that descriptions are requested under the CIFS client’s internal spnego_cred. This measure prevents unprivileged userspace from posing as the kernel. Additional hardening is advised to ensure cifs-upcall does not blindly trust kernel-originated descriptions.

Administrators are urged to implement backported kernel patches swiftly and consider further security measures. These include disabling unused CIFS features, removing cifs-utils, refining request-key rules for CIFS.Spnego, and limiting unprivileged user namespaces to bolster security.

For ongoing updates on this and other security issues, follow us on Google News, LinkedIn, and X.

Cyber Security News Tags:cifs-utils, CIFSwitch, Cybersecurity, IT security, kernel vulnerability, Linux kernel, Linux security, privilege escalation, root access, security flaw

Post navigation

Previous Post: Geordie Secures $30M to Enhance AI Governance
Next Post: GreyVibe Hackers Leverage AI for Advanced Cyber Threats

Related Posts

W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks Cyber Security News
Microsoft Defender Identifies New Trojanized Gaming Tool Threat Microsoft Defender Identifies New Trojanized Gaming Tool Threat Cyber Security News
Cybersecurity Newsletter Weekly – AWS Outage, WSUS Exploitation, Chrome Flaws, and RDP Attacks Cybersecurity Newsletter Weekly – AWS Outage, WSUS Exploitation, Chrome Flaws, and RDP Attacks Cyber Security News
Cisco Unified Contact Center Express Vulnerabilities Enables Remote Code Execution Attacks Cisco Unified Contact Center Express Vulnerabilities Enables Remote Code Execution Attacks Cyber Security News
F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands Cyber Security News
GitHub RCE Flaw Threatens Server Security GitHub RCE Flaw Threatens Server Security Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark