Multiple Linux distros hit by major ‘CIFSwitch’ flaw that gives attackers root access

• Researcher Asim Viladi Oglu Manizada disclosed CIFSwitch, a Linux privilege‑escalation flaw lingering for nearly 20 years
• Affects major distros including Mint, CentOS Stream 9, Rocky Linux 9, AlmaLinux 9, Kali Linux, SLES 15 SP7
• Mitigation includes applying updates, disabling unnecessary file‑sharing components, and restricting exploitable features

Security researchers are warning about a new vulnerability in certain Linux distributions, which can be abused to uplift regular accounts to system administrators.

The vulnerability was discovered by researcher Asim Viladi Oglu Manizada, who named it “CIFSwitch”. It affects a feature that allows Linux computers to connect to shared files and folders on other devices across a network. He also published a proof-of-concept (PoC) for the bug, which can be found here.

Manizada says the vulnerability lingered in Linux distributions for almost two decades, and stressed that it can be exploited under certain conditions to elevate a user’s privileges from a standard account to full root access.

Kernel update

Numerous popular Linux distributions were said to be affected, including Mint, CentOS Stream 9, Rocky Linux 9, AlmaLinux 9, Kali Linux, and SLES 15 SP7. Other operating systems based on Linux, including some versions of Ubuntu and Debian, were also said to be potentially affected, depending on software packages installed.

Some distributions are not at risk, including those that lack the affected functionality entirely, and some newer versions that include security protections against this type of attack.

The vulnerability was fixed through a kernel update, but not all distros are patched just yet. Users are advised to install the latest security updates as soon as they become available. Admins can also disable unnecessary file-sharing components and restrict features that could help attackers exploit the flaw, if they want to be more on the safe side.

This is the latest in a series of privilege-escalation flaws that were recently discovered in Linux, BleepingComputer reminds. Before CIFSwitch, researchers discovered Copy Fail, Dirty Frag, Fragnesia, DirtyDecrypt, and PinTheft.

It’s also worth mentioning that Manizada used a Large Language Model (LLM) to discover CIFSwitch: “A distro-specific Linux LPE found by harnessing LLMs into better multihop knowledge composition,” he concluded.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.