—

CVE-2026-31788EXPLOITED

Xen · privcmd driver

xen/privcmd: restrict usage in unprivileged domU

Description

The Linux kernel's privcmd driver can be abused to circumvent kernel lockdown (secure boot), e.g. by modifying page tables to enable user mode to modify kernel memory.

Affected Products

Vendor	Product	Versions
Xen	privcmd driver	1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

Related News (8 articles)

Tier B

BSI Advisories16h ago

[NEU] [mittel] Xen: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

→ No new info (linked only)

Tier C

Linux Kernel CVEs18h ago

CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-31788 | Xen Linux privcmd Driver privilege escalation

→ No new info (linked only)

Tier C

oss-security1d ago

Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown

→ No new info (linked only)

Tier C

oss-security1d ago

Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown

→ No new info (linked only)

Tier C

oss-security1d ago

Xen Security Advisory 482 v3 (CVE-2026-31788) - Linux privcmd driver can circumvent kernel lockdown

→ No new info (linked only)

Tier C

oss-security1d ago

Re: Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown

→ No new info (linked only)

Tier B

CERT-FR2d ago

Vulnérabilité dans Xen (24 mars 2026)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-284

Published3/25/2026

Last enriched16h agov3

Trending Score65

Source articles8

Independent5

Info Completeness8/14

Missing: cvss, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 0%

Version History

Last enriched 16h ago

v3Tier C16h ago

Updated vendor to Xen, product to privcmd driver, severity to HIGH, and added CWE-284 and exploit availability.

descriptionvendorproductseveritycweIdsexploitAvailableactivelyExploited

via oss-security

v2Tier C18h ago

Updated description to include details on how the privcmd driver can circumvent kernel lockdown, changed severity to HIGH, and added CWE-284.

cweIds

via oss-security

v118h ago

Initial creation