CVE-2026-40572

Exploit

EPSS 0.21%
Veröffentlicht 18.04.2026 00:16:02
Zuletzt bearbeitet 27.04.2026 14:13:28
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange)

NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kernel structures such as the IDT, GDT, TSS, and page tables. A local attacker can exploit this to modify kernel interrupt handlers, resulting in privilege escalation from user mode to kernel context. This issue has been fixed in version 0.24.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Minecanton209 ≫ Novumos Version < 0.24

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.115

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9	2.5	5.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/MinecAnton209/NovumOS/releases/tag/v0.24

Release Notes

https://github.com/MinecAnton209/NovumOS/security/advisories/GHSA-rg7m-6vh7-f4v2

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-40572

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40572

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40572

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40572