Impact
The flaw resides in cifs-utils; the helper fails to drop root privileges before looking up user information within a user‑controlled environment. A low‑privileged local attacker can craft a request_key payload that forces the root‑owned helper to execute inside a custom namespace containing a malicious NSS module. This causes the system to load the attacker’s controlled NSS module and configuration, giving the attacker the ability to execute arbitrary commands as root, fully compromising the system. The weakness is a CWE‑250 (System Default Privilege) violation, meaning a program can perform privileged actions due to insufficient privilege checks.
Affected Systems
Affected products are all supported Red Hat Enterprise Linux releases from 6 through 10 and the Red Hat OpenShift Container Platform 4. The specific affected versions are not enumerated in the CNA data; any installation of cifs‑utils from those families prior to the patch should be considered vulnerable.
Risk and Exploitability
The vulnerability scores a CVSS of 7.8, indicating a high severity local privilege escalation. The EPSS score of less than 1% suggests that real‑world exploitation is unlikely, and the vulnerability is not currently listed in the CISA KEV catalog. The attack requires local access with low privileges and a crafted request_key command; once executed, it escalates to root. The path is straightforward because the helper only checks for root dropping after reading the environment.
OpenCVE Enrichment
Ubuntu USN