// #local-root

CVE-2026-46243: 19-Year-Old Linux CIFS Kernel Flaw Grants Unprivileged Local Root Across Major Distributions

A long-latent vulnerability in the Linux kernel's CIFS filesystem subsystem allows any unprivileged local user to forge a upcall key and escalate directly to root. Patched kernels reached distribution repositories on 2–3 June; Red Hat, AlmaLinux, Rocky Linux, and CloudLinux all issued security advisories on 3 June. A public proof-of-concept exists.