CIFSwitch Local Root Exploit: Public Details and PoC Disclosed

The report describes a critical local root vulnerability (CIFSwitch) in Linux involving flawed validation in kernel key management and the cifs-utils privileged helper, allowing an unprivileged user to gain root by calling request_key with a forged CIFS SPNEGO description and leveraging namespace manipulation; a public proof-of-concept is available, multiple mainstream distributions are affected in default or common configurations, and mitigations (blocking the CIFS module, disabling unprivileged namespaces, overriding request-key rules) plus a queued kernel patch are provided.