A long-standing vulnerability in the Linux kernel, identified as CIFSwitch, has been discovered that impacts the CIFS subsystem, allowing low-privileged users to gain root-level privileges on many Linux distributions for over 19 years. The flaw is related to how the CIFS subsystem handles authentication without validating the source of key requests. An attacker can exploit this by supplying their own key description to gain unauthorized root access.
Affected distributions include certain versions of Linux Mint, CentOS, and others, while many popular distributions like Ubuntu have already rolled out patches. A proof-of-concept code has been published to assist in mitigating the vulnerability.