CVE-2026-40572
Privilege Escalation via Memory Mapping in NovumOS Kernel
Publication date: 2026-04-18
Last updated on: 2026-04-27
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| minecanton209 | novumos | before 0.24 (0.24 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability allows a local attacker to escalate privileges from user mode to kernel mode by modifying kernel interrupt handlers.
This can lead to unauthorized access to sensitive system resources, bypassing security controls, and potentially compromising the entire system's integrity.
Because the attacker gains kernel-level privileges, they can execute arbitrary code with the highest system permissions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade NovumOS to version 0.24 or later, where the issue with Syscall 15 (MemoryMapRange) has been fixed.
Until the upgrade is applied, restrict local user access to prevent exploitation of the vulnerability, as it requires local user privileges.
Can you explain this vulnerability to me?
This vulnerability exists in NovumOS versions prior to 0.24, where Syscall 15 (MemoryMapRange) allows user-mode processes (Ring 3) to map arbitrary virtual address ranges into their address space without proper validation.
Because the system does not check if these ranges include forbidden regions such as critical kernel structures (IDT, GDT, TSS, and page tables), a local attacker can exploit this to modify kernel interrupt handlers.
This leads to privilege escalation, allowing a user-mode process to gain kernel-level privileges.
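The missing validation described above, sketched as an added example (not NovumOS code; the fix shipped in 0.24 may differ). The region table, its addresses, the page size and every name here (`check_map_range`, `protected_regions`, `map_verdict`) are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout for illustration; not NovumOS's real addresses. */
struct region { const char *name; uint64_t base; uint64_t len; };

static const struct region protected_regions[] = {
    { "IDT",         0x00100000u, 0x1000u   },
    { "GDT",         0x00101000u, 0x1000u   },
    { "TSS",         0x00102000u, 0x1000u   },
    { "page tables", 0x00200000u, 0x400000u },
};
#define N_PROTECTED (sizeof protected_regions / sizeof protected_regions[0])
#define PAGE_SIZE 0x1000u  /* assumed page size */

enum map_verdict { MAP_OK, MAP_EMPTY, MAP_UNALIGNED, MAP_WRAPS, MAP_PROTECTED };

/*
 * Decide whether a user-mode request to map [addr, addr + len) may proceed.
 * On MAP_PROTECTED, *hit (if non-NULL) is set to the first region touched.
 */
enum map_verdict check_map_range(uint64_t addr, uint64_t len,
                                 const struct region **hit)
{
    if (hit)
        *hit = NULL;
    if (len == 0)
        return MAP_EMPTY;
    if ((addr | len) & (PAGE_SIZE - 1))
        return MAP_UNALIGNED;
    /* Reject before computing addr + len: a wrapped end would make the
     * overlap test below pass for a range that covers everything. */
    if (len > UINT64_MAX - addr)
        return MAP_WRAPS;

    uint64_t end = addr + len;  /* exclusive */
    for (size_t i = 0; i < N_PROTECTED; i++) {
        const struct region *r = &protected_regions[i];
        /* Half-open intervals overlap iff each starts before the other ends,
         * which also catches ranges that straddle or enclose a region. */
        if (addr < r->base + r->len && r->base < end) {
            if (hit)
                *hit = r;
            return MAP_PROTECTED;
        }
    }
    return MAP_OK;
}
```

A denylist like this is only as complete as its table; a kernel that instead permits mappings solely inside an explicit user-space window fails closed when a new kernel structure is added.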