Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown

[Greg KH <greg () kroah com>]

On Tue, Mar 24, 2026 at 01:16:08PM +0100, Greg KH wrote:
> On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> >                     Xen Security Advisory XSA-482
> >                               version 2
> >
> >           Linux privcmd driver can circumvent kernel lockdown
> >
> > UPDATES IN VERSION 2
> > ====================
> >
> > Public release.
> >
> > ISSUE DESCRIPTION
> > =================
> >
> > The Linux kernel's privcmd driver can be abused to circumvent kernel
> > lockdown (secure boot), e.g. by modifying page tables to enable user
> > mode to modify kernel memory.
> >
> > The CNA covering Linux has refused to assign a CVE at this juncture.
>
> This is now assigned to CVE-2026-31788

And, to be more clear, the kernel CNA should have given you a CVE
earlier, sorry about that, that was my fault.  We had been "burned" by
other groups/companies asking for CVEs "ahead of time" for Linux for
things that turned out to be wrong or not needing a CVE at all at the
same time you all asked for one, so I reacted much harsher here than you
all deserved by saying we would assign one once the issue was public.  I
should have trusted you as obviously you know what you are doing here
and should have gotten a CVE for your accounting earlier.

Again, my fault, sorry about that, if you all need one in the future for
any issue, we will assign it ahead of time.

greg k-h