Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown
On Tue, Mar 24, 2026 at 01:16:08PM +0100, Greg KH wrote:
> On Tue, Mar 24, 2026 at 12:05:44PM +0000, Xen.org security team wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Xen Security Advisory XSA-482
> > version 2
> >
> > Linux privcmd driver can circumvent kernel lockdown
> >
> > UPDATES IN VERSION 2
> > ====================
> >
> > Public release.
> >
> > ISSUE DESCRIPTION
> > =================
> >
> > The Linux kernel's privcmd driver can be abused to circumvent kernel
> > lockdown (secure boot), e.g. by modifying page tables to enable user
> > mode to modify kernel memory.
> >
> > The CNA covering Linux has refused to assign a CVE at this juncture.
>
> This is now assigned to CVE-2026-31788

And, to be more clear, the kernel CNA should have given you a CVE earlier, sorry about that, that was my fault.

We had been "burned" by other groups/companies asking for CVEs "ahead of time" for Linux for things that turned out to be wrong or not needing a CVE at all at the same time you all asked for one, so I reacted much harsher here than you all deserved by saying we would assign one once the issue was public.

I should have trusted you as obviously you know what you are doing here and should have gotten a CVE for your accounting earlier.

Again, my fault, sorry about that, if you all need one in the future for any issue, we will assign it ahead of time.

greg k-h