CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years
- CIFSwitch is a 19-year-old Linux logic bug that turns forged CIFS auth keys into root. It affects Mint, CentOS, Rocky, Kali, and SLES.
- CIFSwitch stands apart from typical privilege escalation vulnerabilities because of how it was discovered. Asim Manizada, a security engineer at SpaceX, didn’t find it by auditing source code the old-fashioned way. He built an AI-powered framework that constructs semantic graphs of kernel objects and their relationships, then had the models walk those graphs looking for mismatches between what a component creates and what a privileged consumer assumes. The result is a multi-step logic chain that reaches root on major distros, including Linux Mint, CentOS Stream 9, Rocky Linux 9, AlmaLinux 9, Kali Linux, and SLES 15.
Full analysis: https://securitycyber.uk
Source: https://securityaffairs.com/192959/security/a-spacex-security-engineer-used-ai-to-find-a-19-year-old-linux-bug-that-gives-attackers-root.html
Originally published at https://securitycyber.uk