Vulnerabilities

Report: CVE-2026-40572 - NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) - Complete Guide

2026-04-18 0 views admin
Report: CVE-2026-40572 - NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) - Complete Guide

CVE ID :CVE-2026-40572 Published : April 18, 2026, 1:16 a.m. | 2 hours, 17 minutes ago Description :NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kernel structures such as the IDT, GDT, TSS, and page tables. A local attacker can exploit this to modify kernel interrupt handlers, resulting in privilege escalation from user mode to kernel context. This issue has been fixed in version 0.24. Severity: 9.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
CRITICAL
Published
April 18, 2026
Attack Vector: local
Impact: privilege escalation

🏷️ Tags

report40572novumosarbitrarymemorymappingsyscallmemorymaprangecompleteguide

More from Vulnerabilities

Report: CVE-2026-41253 - iTerm2 SSH Conductor Protocol Remote Code Execution Vulnerability - Guide

Report: CVE-2026-41253 - iTerm2 SSH Conductor Protocol Remote Code Execution Vulnerability - Guide

2026-04-18 0
Report: CVE-2026-25917 - Apache Airflow: API extra-links triggers XCom deserialization/class instantiatio

Report: CVE-2026-25917 - Apache Airflow: API extra-links triggers XCom deserialization/class instantiatio

2026-04-18 0
Report: Update: CVE-2026-41254 - Little CMS (lcms2) Integer Overflow Vulnerability

Report: Update: CVE-2026-41254 - Little CMS (lcms2) Integer Overflow Vulnerability

2026-04-18 0
Report: CVE-2026-32228 - Apache Airflow: Users with asset materialization permisssions could trigger Dags...

Report: CVE-2026-32228 - Apache Airflow: Users with asset materialization permisssions could trigger Dags...

2026-04-18 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views