On 24/03/2026 12:16 pm, Greg KH wrote: > On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Xen Security Advisory XSA-482 >> version 2 >> >> Linux privcmd driver can circumvent kernel lockdown >> >> UPDATES IN VERSION 2 >> ==================== >> >> Public release. >> >> ISSUE DESCRIPTION >> ================= >> >> The Linux kernel's privcmd driver can be abused to circumvent kernel >> lockdown (secure boot), e.g. by modifying page tables to enable user >> mode to modify kernel memory. >> >> The CNA covering Linux has refused to assign a CVE at this juncture. > This is now assigned to CVE-2026-31788
Thankyou. I'll send out an update. ~Andrew
