#VU124445 Improper Privilege Management in Linux kernel - CVE-2026-31788
Published: March 25, 2026
Vulnerability identifier: #VU124445
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31788
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges and modify kernel memory contents, breaking secure boot protections.
The vulnerability exists due to improper access control in the Xen privcmd driver when handling hypercalls from user space processes in an unprivileged domU running with secure boot enabled. A local user can exploit this by issuing arbitrary hypercalls to escalate privileges and modify kernel memory, compromising the integrity of the secure boot environment.
Exploitation requires the user to have root privileges within the unprivileged domU guest. The impact is particularly severe when secure boot is enabled, as it allows bypassing memory integrity protections.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/1879319d790f7d57622cdc22807b60ea78b56b6d
- https://git.kernel.org/stable/c/389bae9a4409934e8b8d4dbdaaf02a3ae71cf8e4
- https://git.kernel.org/stable/c/78432d8f0372c71c518096395537fa12be7ff24e
- https://git.kernel.org/stable/c/87a803edb2ded911cb587c53bff179d2a2ed2a28
- https://git.kernel.org/stable/c/cbede2e833da1893afbea9b3ff29b5dda23a4a91