New CIFSwitch Linux flaw gives root on multiple distributions
ID: 81ae20a2-68c4-5887-91f5-e54615a28d6c
STIX ID: report--81ae20a2-68c4-5887-91f5-e54615a28d6c
Feed Name: Bleeping Computer
CIFSwitch is a local privilege escalation vulnerability in the Linux kernel's CIFS subsystem. It allows unprivileged users to forge cifs.spnego key requests and trick the root-privileged cifs.upcall helper into loading attacker-controlled NSS modules, resulting in root code execution. The flaw affects multiple Linux distributions under specific configurations. An upstream kernel patch and mitigations are available, and a proof-of-concept exploit has been published.
