CVE-2026-40317
Arbitrary Code Execution via Syscall JumpToUser in NovumOS
Publication date: 2026-04-18
Last updated on: 2026-04-27
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| minecanton209 | novumos | up to 0.24 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in NovumOS versions prior to 0.24, where Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation.
This flaw allows any Ring 3 user-mode process to jump to kernel addresses and execute arbitrary code with Ring 0 privileges.
As a result, a local user can escalate their privileges from user mode to kernel mode, gaining full control over the system.
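The missing check described above, sketched as an added example (this is not NovumOS source code and not the project's actual fix): a handler that treats the register-supplied entry point as untrusted and accepts it only if it falls inside a user-accessible, executable mapping. The structures, error codes, addresses and the `handle_syscall` signature are assumptions made for illustration; only the syscall number 12 comes from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* All names and addresses are hypothetical; the page gives no memory
   map or ABI details for NovumOS beyond "Syscall 12 (JumpToUser)". */
#define SYS_JUMP_TO_USER 12
#define E_OK      0
#define E_FAULT (-1)
#define E_NOSYS (-2)

struct region { uintptr_t base; size_t len; bool user; bool exec; };

struct process {
    const struct region *maps;  /* regions mapped for this process */
    size_t nmaps;
    uintptr_t pending_entry;    /* where the ring 3 transition will land */
};

/* Constructed sample map: kernel text, user text, user data. */
static const struct region sample_maps[] = {
    { 0x00100000u, 0x00100000u, false, true  },
    { 0x40000000u, 0x00010000u, true,  true  },
    { 0x40010000u, 0x00010000u, true,  false },
};

/* True only if addr lies inside a user-accessible, executable mapping. */
bool entry_is_user_code(const struct process *p, uintptr_t addr)
{
    for (size_t i = 0; i < p->nmaps; i++) {
        const struct region *r = &p->maps[i];
        if (!r->user || !r->exec || r->len == 0)
            continue;
        /* Subtract instead of computing base + len, which could wrap. */
        if (addr >= r->base && addr - r->base < r->len)
            return true;
    }
    return false;
}

/* The entry point arrives in a register (arg0) and is validated
   before any control transfer is set up. */
int handle_syscall(struct process *p, uint32_t number, uintptr_t arg0)
{
    if (number != SYS_JUMP_TO_USER)
        return E_NOSYS;
    if (!entry_is_user_code(p, arg0))
        return E_FAULT;          /* kernel or unmapped address: refuse */
    p->pending_entry = arg0;     /* a real kernel would now enter ring 3 */
    return E_OK;
}
```

A rejected request leaves `pending_entry` untouched, so a failed call cannot change where the process resumes.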
How can this vulnerability impact me?
This vulnerability can lead to local privilege escalation, allowing an unprivileged user to execute arbitrary code with kernel-level privileges.
An attacker exploiting this flaw could gain full control over the affected system, potentially compromising confidentiality, integrity, and availability.
The CVSS base score of 9.3 indicates a critical severity with high impact on confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should update NovumOS to version 0.24 or later where the issue is fixed.
If updating is not possible right away, restrict syscall access by running the system in single-user mode without Ring 3.
Additionally, disable user-mode processes by only running the kernel shell with no user processes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in NovumOS allows local privilege escalation by enabling user-mode processes to execute arbitrary code in kernel mode. This can lead to unauthorized access and control over sensitive system functions and data.
Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and access.
Organizations using affected versions of NovumOS prior to 0.24 should address this vulnerability promptly to maintain compliance, either by updating to the fixed version or applying recommended mitigations.