oss-sec mailing list archives

Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown

From: Andrew Cooper <andrew.cooper3 () citrix com>
Date: Tue, 24 Mar 2026 12:17:34 +0000

On 24/03/2026 12:16 pm, Greg KH wrote:

On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                    Xen Security Advisory XSA-482
                              version 2

          Linux privcmd driver can circumvent kernel lockdown

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The Linux kernel's privcmd driver can be abused to circumvent kernel
lockdown (secure boot), e.g. by modifying page tables to enable user
mode to modify kernel memory.

The CNA covering Linux has refused to assign a CVE at this juncture.

This is now assigned to CVE-2026-31788


Thankyou.  I'll send out an update.

~Andrew

Current thread:

Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Xen . org security team (Mar 24)
- Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Greg KH (Mar 24)
  - Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Greg KH (Mar 24)
    - Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Juergen Gross (Mar 26)
  - Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Andrew Cooper (Mar 24)