Improper Privilege Management in Linux kernel - CVE-2026-31788
Published: March 25, 2026
Vulnerability identifier: #VU124445
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31788
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges and modify kernel memory contents, breaking secure boot protections.
The vulnerability exists due to improper access control in the Xen privcmd driver when handling hypercalls from user space processes in an unprivileged domU running with secure boot enabled. A local user can exploit this by issuing arbitrary hypercalls to escalate privileges and modify kernel memory, compromising the integrity of the secure boot environment.
Exploitation requires the user to have root privileges within the unprivileged domU guest. The impact is particularly severe when secure boot is enabled, as it allows bypassing memory integrity protections.
How to mitigate CVE-2026-31788
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/1879319d790f7d57622cdc22807b60ea78b56b6d
- https://git.kernel.org/stable/c/389bae9a4409934e8b8d4dbdaaf02a3ae71cf8e4
- https://git.kernel.org/stable/c/78432d8f0372c71c518096395537fa12be7ff24e
- https://git.kernel.org/stable/c/87a803edb2ded911cb587c53bff179d2a2ed2a28
- https://git.kernel.org/stable/c/cbede2e833da1893afbea9b3ff29b5dda23a4a91