[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown

  • To: Greg KH <greg@xxxxxxxxx>, oss-security@xxxxxxxxxxxxxxxxxx
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Tue, 24 Mar 2026 12:17:34 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=k7fFmcOHa9xrVsy3zFKKwj0AreCu1/WA3CgGLbcb7C4=; b=nzGfVhC1ikQmRvnIZRlOFNijZeMc05n0S7iBb4x+LY5ehsOGJXPMHCgzEhAcN4fMuETBuYbCHqw+BHbNQrEtDqBxQhXuAVhhFgy7p3hYRuobClvUlvEN0FkwQfOvcatFUAIeNf4wAZsd+fmOjxpIcmvy/7eEZJDV2ZQ+Kg69ZucWbA1DWcT1Y4R9MFbc9+HlLuMjUaUn/KUWxgtxAk4vaUoq+rOnJltaq9XZ+JX/HJcZEZlRIfgfa+aHxOcX6NPa42Zh5bUkkXnfRIo65cr56g3PWmq3J8Lq+ZqGOsY+FDAQA/qeW3mkiThdmAjpa9huqa1lmtUypQSOmb0S+/8UOA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SEFF6EiVhC1DVQyCkq3R+UcyMlepVpjRI0H4bBXUdBsQBnJaXaAFylhwpTQeWIQnvjsPlRVHNH5QoSXPnmV4E/gKovrGC7PacXi4IPIyDER63MU5QUS0WCJ+14J+w+5n3ayfQ8VjZm86VRr+9TtbSo2z1jd6lBcWU4N5FKHSdZ8arufnIRfdWAV/9vHnWTKPmlntyT7Y5kgxyIJYoIE3NC08kKJ+yEEbknrpN9i/YPQpv8v7GF5oUZnmdll9ggGFwIrjzVLhGKQ+yfoMJqWsIiSEObp3HSPHPOUdVj6nWOwZbZKq6AigaFUyQLTiUNEpcB0ExwPX+fdOT7vWItVB+Q==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, "Xen.org security team" <security-team-members@xxxxxxx>
  • Delivery-date: Tue, 24 Mar 2026 12:18:10 +0000
  • List-id: Xen user discussion <xen-users.lists.xenproject.org>
On 24/03/2026 12:16 pm, Greg KH wrote:
> On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>>                     Xen Security Advisory XSA-482
>>                               version 2
>>
>>           Linux privcmd driver can circumvent kernel lockdown
>>
>> UPDATES IN VERSION 2
>> ====================
>>
>> Public release.
>>
>> ISSUE DESCRIPTION
>> =================
>>
>> The Linux kernel's privcmd driver can be abused to circumvent kernel
>> lockdown (secure boot), e.g. by modifying page tables to enable user
>> mode to modify kernel memory.
>>
>> The CNA covering Linux has refused to assign a CVE at this juncture.
> This is now assigned to CVE-2026-31788

Thankyou.  I'll send out an update.

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.