CVE-2026-40572
Received Received - Intake
Privilege Escalation via Memory Mapping in NovumOS Kernel

Publication date: 2026-04-18

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kernel structures such as the IDT, GDT, TSS, and page tables. A local attacker can exploit this to modify kernel interrupt handlers, resulting in privilege escalation from user mode to kernel context. This issue has been fixed in version 0.24.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-18
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40572
EUVD
EUVD-2026-23640
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
minecanton209 novumos to 0.24 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in NovumOS versions prior to 0.24, where Syscall 15 (MemoryMapRange) allows user-mode processes (Ring 3) to map arbitrary virtual address ranges into their address space without proper validation.

Because the system does not check if these ranges include forbidden regions such as critical kernel structures (IDT, GDT, TSS, and page tables), a local attacker can exploit this to modify kernel interrupt handlers.

This leads to privilege escalation, allowing a user-mode process to gain kernel-level privileges.

Impact Analysis

The vulnerability allows a local attacker to escalate privileges from user mode to kernel mode by modifying kernel interrupt handlers.

This can lead to unauthorized access to sensitive system resources, bypassing security controls, and potentially compromising the entire system's integrity.

Because the attacker gains kernel-level privileges, they can execute arbitrary code with the highest system permissions.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade NovumOS to version 0.24 or later, where the issue with Syscall 15 (MemoryMapRange) has been fixed.

Until the upgrade is applied, restrict local user access to prevent exploitation of the vulnerability, as it requires local user privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40572. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart