This skill automates detection and remediation auditing for CVE-2026-46243, a high-severity Local Privilege Escalation (LPE) flaw affecting Linux systems that use CIFS and cifs-utils. It performs multi-stage heuristic analysis without modifying the target system.
The skill checks kernel patching status by scanning for unpatched versions and inspecting /proc/kallsyms for the fix symbol cifs_spnego_key_vet_description. It audits userspace components to determine whether cifs-utils 6.14 or later is present and whether the rootful cifs.upcall helper is exposed. It maps attack paths by evaluating whether cifs.spnego request-key rules are active and whether the CIFS kernel module is loadable. Mitigation analysis covers the status of unprivileged user namespaces, SELinux and AppArmor policies, and container capabilities.
Outputs are delivered as either a structured JSON report or a human-readable diagnostic, each stating a definitive VULNERABLE or MITIGATED verdict alongside specific remediation commands. Exit codes are CI/CD-ready, enabling automated deployment gating or cluster-wide programmatic auditing.
This skill is useful because identifying this CVE manually requires correlating kernel patch levels with specific userspace utility versions and active request-key configurations simultaneously — a correlation that is easy to get wrong without dedicated tooling.