An issue was discovered in the Linux kernel’s implementation of the CIFS protocol. The SMB2_read function has a possible use-after-free when CIFS function tracing is enabled. While data is used after being freed, it is has not been determined how it could be used for privilege escalation.

Mitigation

As the CIFS module will be auto-loaded when required, its use can be disabled
by preventing the module from loading with the following instructions:

echo "install cifs /bin/true" >> /etc/modprobe.d/disable-cifs.conf

The system will need to be restarted if the CIFS modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.

If you need further assistance, see KCS article <https://access.redhat.com/solutions/41278&gt; or contact Red Hat Global Support Services.