LIVE NEWSROOM · May 31, 2026

CIFSwitch: Linux Kernel LPE Gives Root on Mint, Rocky, AlmaLinux

CIFSwitch is a local privilege escalation (LPE — a class of vulnerability where an already-logged-in, low-privilege user gains full administrative root access) flaw in the Linux kernel's CIFS (Common Internet File System — the protocol underlying Windows file sharing, Samba, and SMB-based network drives) client subsystem, present in unpatched kernels across multiple mainstream distributions as of May 30, 2026. Asim Manizada, a security engineer at SpaceX who discovered the bug using AI-assisted analysis, published a working proof-of-concept (PoC) exploit on May 28, 2026 alongside a coordinated disclosure to the oss-security mailing list. The exploit achieves a full root shell from any low-privilege local account in a single command. No CVE identifier has been assigned at time of publication; the upstream Linux kernel patch is available.

// 01 CIFSwitch: Technical Details

CIFSwitch lives at the intersection of the Linux kernel's CIFS client and the cifs-utils userspace package, specifically in the SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism — the protocol used to negotiate authentication methods, such as Kerberos, when mounting SMB network shares) upcall path.

When the kernel CIFS client must authenticate to a remote SMB server, it issues a request_key(2) (a Linux kernel system call that asks the key retention service to locate or create a cryptographic key) to obtain a cifs.spnego key. The kernel's default /etc/request-key.conf rule responds by spawning cifs.upcall — a SUID (Set User ID — a file permission bit that causes a program to run as its owner, here root, regardless of who invokes it) helper binary supplied by the cifs-utils package — to handle the authentication negotiation.

The critical flaw: the kernel never validates whether the cifs.spnego key request originates from within the kernel itself or from arbitrary unprivileged userspace. Because both add_key(2) and request_key(2) are available to unprivileged processes, an attacker can forge a cifs.spnego key description and submit it, tricking the kernel into believing it is a legitimate CIFS authentication request. The default key-request rules then spawn cifs.upcall as root with attacker-controlled arguments — specifically the pid and upcall_target fields.

The full exploit chain, as documented in Manizada's disclosure:

  • The attacker creates a private user namespace and mount namespace — isolated execution environments Linux provides to unprivileged processes for container-like isolation
  • A forged cifs.spnego key description passes upcall_target=app and an attacker-controlled pid, causing cifs.upcall to enter the attacker's controlled namespace
  • Before cifs.upcall drops its root privileges, it performs an NSS (Name Service Switch — Linux's resolution mechanism for hostnames, users, and groups, configured in /etc/nsswitch.conf) lookup
  • The attacker's controlled mount namespace exposes a forged /etc/nsswitch.conf pointing to a malicious .so (shared library) file under an attacker-writable path
  • The SUID cifs.upcall binary loads and executes the attacker's shared library as root
  • The malicious library writes to /etc/sudoers.d/ granting the attacker NOPASSWD: ALL — unconditional root access through sudo

The entire chain executes from a single shell script in seconds. The bug has been present in the kernel since 2007 — 19 years of undetected exposure across the entire CIFS SPNEGO upcall lifetime.

CIFSwitch was found using an AI-assisted multihop reasoning approach: Manizada built semantic graphs of privileged consumers, object property flows, and security check timing across kernel/userspace boundaries, then traversed those graphs with LLM-augmented reasoning tools to identify validation gaps that conventional code review and static analysis missed across 19 annual kernel releases.

The upstream fix (kernel commit 3da1fdf4efbc) adds a vet_description hook to the cifs.spnego key type, ensuring that key requests are accepted only when they originate from the CIFS client's internal spnego_cred context — blocking unprivileged userspace from impersonating the kernel.

CIFSwitch LPE — forged cifs.spnego key achieves local root since 2007

// 02 Exploitation Status and Threat Landscape

The CIFSwitch PoC was published simultaneously with the oss-security mailing list disclosure on May 28, 2026, and is described by the researcher as reliable on all confirmed-vulnerable distributions. The exploit requires no compilation or dependency installation on the target — it operates entirely through standard Linux system calls.

No CVE identifier has been assigned. The upstream kernel patch is merged and available; distribution vendors are in various stages of packaging and shipping kernel updates. CloudLinux has published CIFSwitch-specific kernel guidance, and CIQ has published Rocky Linux mitigation steps.

CIFSwitch is not listed on the CISA KEV (Known Exploited Vulnerabilities — the U.S. Cybersecurity and Infrastructure Security Agency's catalog of flaws confirmed to be actively exploited in the wild) catalog. There are no public reports of active exploitation at time of publication. However, the combination of a single-command PoC, six mainstream distribution families affected by default, and a trivial execution path makes opportunistic exploitation by attackers targeting shared hosting environments, CI/CD infrastructure, and multi-user Linux servers probable within days.

// 03 Who Is Affected

CIFSwitch requires three concurrent conditions:

  • An unpatched kernel version containing the CIFS SPNEGO upcall handler
  • cifs-utils 6.14 or later installed (or certain older versions with backported vulnerability fixes that inadvertently introduced the issue)
  • Unprivileged user namespace creation enabled, with permissive SELinux or AppArmor policies

Vulnerable by default (confirmed):

  • Linux Mint 21.3 and 22.3
  • CentOS Stream 9
  • Rocky Linux 9
  • AlmaLinux 9
  • Kali Linux 2021.4 through 2026.1
  • SUSE Linux Enterprise Server (SLES) 15 SP7

Protected by default mandatory access control:

  • Ubuntu 26.04 (AppArmor profile restricts unprivileged user namespace creation)
  • Fedora 40–44 (SELinux policy blocks the attack path)
  • CentOS Stream 10, Rocky Linux 10, AlmaLinux 10 (updated SELinux policy)
  • SLES 16, openSUSE Leap 16
  • Amazon Linux 2 (Kali Linux 2019.4 / 2020.4 also unaffected)

Organizations running Rocky Linux 9 or AlmaLinux 9 as production servers — common in enterprise environments that migrated from the EOL CentOS Linux 8 — are at particular operational risk. These distributions ship with user namespaces enabled and without the mandatory access control policies that protect newer versions, meaning that any local user account on an affected server can trivially escalate to root unless a kernel patch or the sysctl workaround is in place.

// 04 What You Should Do Right Now

  • Apply the kernel patch as your highest priority. The upstream fix is in commit 3da1fdf4efbc. Check your distribution's security advisory feed and apply the vendor-packaged kernel update as soon as it is available. A reboot is required to activate the new kernel.
  • Apply the sysctl workaround immediately on vulnerable systems while waiting for the kernel package:

      echo "kernel.unprivileged_userns_clone=0" | sudo tee -a /etc/sysctl.conf
      sudo sysctl -p

    This disables unprivileged user namespace creation, which is the exploit's first prerequisite. Note that kernel.unprivileged_userns_clone exists only on Debian- and Ubuntu-derived kernels; on RHEL-family kernels such as Rocky Linux 9 and AlmaLinux 9, the equivalent knob is user.max_user_namespaces=0. Verify this does not break workloads that depend on user namespaces (Docker in rootless mode, Podman, some browser sandboxes) before applying it in production.

  • Check your cifs-utils installation. Run rpm -q cifs-utils (RHEL-family) or dpkg -l cifs-utils (Debian-family). If cifs-utils is not actively needed for SMB/CIFS file shares on that system, remove it: sudo dnf remove cifs-utils or sudo apt remove cifs-utils. Removing cifs-utils eliminates the SUID helper that the exploit depends on.
  • Audit multi-user and shared-access systems first. Any server where untrusted or semi-trusted local accounts can log in — shared hosting, university compute nodes, CI/CD workers, developer jump hosts — should be patched before single-user or dedicated servers.
  • Enable and enforce SELinux or AppArmor. If you have disabled mandatory access control on a system for compatibility reasons, the CIFSwitch disclosure is a concrete demonstration of the risk that creates. Re-enable enforcement mode and test your workloads.
  • Monitor for indicators of exploitation. Watch for unexpected invocations of cifs.upcall in process logs, new files in /etc/sudoers.d/, unusual SUID binary creation, or new root-owned processes spawned from non-root parent processes.
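As an added defender-side example that is neither the article's nor the researcher's code, the following POSIX shell script audits a host for the three prerequisites listed in section 03 and performs the checks section 04 asks for (the user namespace sysctls, the SUID cifs.upcall helper, and the request-key rule that spawns it). The cifs.upcall path and the request-key configuration file locations are assumptions about a stock cifs-utils install.

```shell
#!/bin/sh
# Added host audit helper; not from the article or Manizada's disclosure.
# Reports which of the three CIFSwitch prerequisites are present on a host.
# Paths below are the usual cifs-utils locations and are assumptions.

UPCALL_BIN="${UPCALL_BIN:-/usr/sbin/cifs.upcall}"
# Space-separated list of request-key config files, expanded unquoted on purpose.
RK_CONF="${RK_CONF:-/etc/request-key.conf /etc/request-key.d/cifs.spnego.conf}"

# userns_enabled CLONE MAXNS: 0 when unprivileged user namespaces can be created.
# CLONE is kernel.unprivileged_userns_clone (Debian/Ubuntu kernels only), MAXNS is
# user.max_user_namespaces (upstream knob). Pass "" for a sysctl that is absent.
userns_enabled() {
    [ "$1" = "0" ] && return 1
    [ "$2" = "0" ] && return 1
    return 0
}

# is_suid_root MODE UID: MODE as printed by `stat -c %a`, UID by `stat -c %u`.
is_suid_root() {
    [ "$2" = "0" ] || return 1
    case "$1" in 4???|6???) return 0 ;; esac
    return 1
}

# conf_spawns_upcall FILE...: does a request-key rule hand cifs.spnego keys to
# cifs.upcall? Stock rule: create cifs.spnego * * /usr/sbin/cifs.upcall %k
conf_spawns_upcall() {
    grep -Eqs '^[[:space:]]*create[[:space:]]+cifs\.spnego[[:space:]].*cifs\.upcall' "$@"
}

# audit_host: one line per prerequisite found; exit status is the count (0-3).
audit_host() {
    hits=0
    if userns_enabled "$(sysctl -n kernel.unprivileged_userns_clone 2>/dev/null)" \
                      "$(sysctl -n user.max_user_namespaces 2>/dev/null)"; then
        echo "[!] unprivileged user namespace creation is enabled"; hits=$((hits + 1))
    fi
    if [ -e "$UPCALL_BIN" ] && is_suid_root "$(stat -c %a "$UPCALL_BIN")" "$(stat -c %u "$UPCALL_BIN")"; then
        echo "[!] $UPCALL_BIN is SUID root (cifs-utils installed)"; hits=$((hits + 1))
    fi
    if conf_spawns_upcall $RK_CONF; then
        echo "[!] request-key rule spawns cifs.upcall for cifs.spnego keys"; hits=$((hits + 1))
    fi
    echo "$hits of 3 CIFSwitch prerequisites present"
    return "$hits"
}

if [ "${CIFSWITCH_AUDIT:-}" = "1" ]; then audit_host; fi
```

Run it as CIFSWITCH_AUDIT=1 sh audit.sh; a host reporting 3 of 3 meets every prerequisite the article names and should be patched, or have the sysctl workaround applied, first.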

// 05 Background: Understanding the Risk

Local privilege escalation vulnerabilities in the Linux kernel are operationally significant precisely because they complete the second half of a two-stage attack: after an initial foothold (phishing, web application exploitation, credential theft), an LPE vulnerability transforms a restricted shell account into full system ownership.

CIFSwitch's 19-year latency is a textbook example of how complex cross-layer trust assumptions accumulate technical debt. The cifs.spnego authentication path involves at least four distinct components — the kernel CIFS client, the request_key key retention service, the cifs.upcall SUID helper, and NSS lookups — each maintained by different teams and reviewed in isolation. No single reviewer held a mental model spanning all four simultaneously, and so the implicit assumption "only the kernel issues cifs.spnego requests" was never encoded as an explicit validation check.

The AI-assisted discovery method is notable for its practical application: rather than fuzzing or symbolic execution, Manizada used LLMs to traverse semantic graphs of privilege flows, catching the subtle timing assumption (NSS lookup before privilege drop) and cross-component trust boundary that traditional analysis skips over. This pattern of AI-augmented vulnerability research is likely to surface more latent, complex flaws in the near term.

Previous Linux kernel LPE vulnerabilities with similar public-PoC-plus-broad-distribution profiles include CVE-2022-0847 (Dirty Pipe) — a write-to-read-only-files flaw weaponized within days — and CVE-2021-4034 (PwnKit), a 12-year-old Polkit bug that achieved root via pkexec and saw rapid exploitation across enterprise Linux fleets. CIFSwitch's profile — single-command PoC, widespread distro coverage, multi-user relevance — closely matches both precedents.

// 06 Conclusion

CIFSwitch reduces local root access on six mainstream Linux distributions to a single command. Patch the kernel, disable unprivileged user namespaces as an interim workaround on vulnerable distributions, and remove cifs-utils on systems that do not need SMB file mounting. Multi-user Linux servers — shared hosts, CI/CD runners, jump boxes — should be treated as the highest-priority targets for patching given that any authenticated account, including the most restricted service accounts, can exploit CIFSwitch to gain full root.

    Team Ciphers Security

    The Ciphers Security editorial team — practitioners covering daily threat intel, CVE deep-dives, and hands-on cybersecurity research.