Telegram News

Source-attributed Telegram item

SIT Reports: 🔍 CIFSwitch opens local root path on multiple Linux distributions A newly disclosed Linux...

Source-attributed Telegram post from SIT Reports: 🔍 CIFSwitch opens local root path on multiple Linux distributions A newly disclosed Linux local privilege escalation flaw, dubbed CIFSwitch, abuses forged...

Global Conflict

SIT Reports

@sitreports | rank 71 | Tier 3 | Fast-alert source

Fast Alert Sensor Tier 3 Fast-alert source Situation-report fast-alert perspective Fast situation reports can outrun confirmation and should be cross-checked source-attributed Telegram source claim Public Telegram post fast-alert sensor global conflict situation reports

Public Telegram broadcast channel promoted after bounded no-media handle validation on 2026-05-31.

340 views 2 forwards 0 reactions Top 59.26% in source Source rank #17 Global pct 11.62

Original English English

🔍 CIFSwitch opens local root path on multiple Linux distributions

A newly disclosed Linux local privilege escalation flaw, dubbed CIFSwitch, abuses forged cifs.spnego key requests to make the root-run cifs.upcall helper trust attacker-controlled data. The issue affects systems using vulnerable kernel CIFS plus cifs-utils combinations, with confirmed exposure on Linux Mint 21.3/22.3, CentOS Stream 9, Rocky 9, AlmaLinux 9, Kali 2021.4–2026.1, and SLES 15 SP7.

Operationally, exploitation is local and conditional, requiring user namespaces and permissive SELinux or AppArmor policy, but it results in root code execution. Upstream has patched request-origin validation; practical mitigation is to update, disable unused CIFS support, remove unnecessary cifs-utils, and turn off unprivileged user namespaces where feasible.

🛰️ Open sources - closed narratives
@sitreports

global-conflict conflict fast-alert-sensor situation-reports exploit
Telegram media item Media served by Telegram. The preview loads from telegram.org when this card is visible. Open original Telegram post