Description:
A local privilege escalation vulnerability (CIFSwitch) is found in the Linux kernel. This vulnerability could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges.
Reports indicated that proof-of-concept (PoC) exploit code is publicly available for an elevation of privilege vulnerability and it is at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Linux kernel version with the CIFS client capability and the cifs-utils package version 6.14 or high
Impact:
Successful exploitation of the vulnerability could lead to elevation of privilege on an affected system.
Recommendation:
System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://github.com/manizada/CIFSwitch
