NovumOS: Unrestricted Memory Mapping Allows Privilege Escalation

CVE-2026-40572
Summary

NovumOS versions before 0.24 contain a vulnerability that could allow a malicious program to take control of the operating system. The operating system does not properly check which memory addresses a program is allowed to map. To fix this, update to version 0.24 or later.

Original title
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual addres...
Original description
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validating against forbidden regions, including critical kernel structures such as the IDT, GDT, TSS, and page tables. A local attacker can exploit this to modify kernel interrupt handlers, resulting in privilege escalation from user mode to kernel context. This issue has been fixed in version 0.24.
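The missing check described above, sketched as an added example (not NovumOS code and not the project's actual fix): a validator that a map-range syscall handler could call before touching any page-table entry. The region addresses, USER_LIMIT and all function and type names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE  0x1000u
#define USER_LIMIT 0xC0000000u /* ASSUMED start of kernel-only space */

enum map_status { MAP_OK = 0, MAP_EINVAL = -1, MAP_ERANGE = -2, MAP_EFORBIDDEN = -3 };

/* Half-open range [start, end) that Ring 3 must never map. */
struct region { uint32_t start, end; const char *name; };

/* CONSTRUCTED layout for illustration; not NovumOS's real addresses. */
static const struct region forbidden[] = {
    { 0x00001000u, 0x00002000u, "IDT" },
    { 0x00002000u, 0x00003000u, "GDT" },
    { 0x00003000u, 0x00004000u, "TSS" },
    { 0x00100000u, 0x00500000u, "page tables" },
};

/* Validate a user request to map [addr, addr + len) before touching
 * any page-table entry. Returns MAP_OK or a negative map_status. */
int map_range_check(uint32_t addr, uint32_t len)
{
    if (len == 0 || ((addr | len) & (PAGE_SIZE - 1)))
        return MAP_EINVAL;              /* empty or not page aligned */
    /* 64-bit end: addr + len must not wrap past 4 GiB and alias low memory. */
    uint64_t end = (uint64_t)addr + len;
    if (end > USER_LIMIT)
        return MAP_ERANGE;
    /* Two half-open ranges overlap iff each starts before the other ends. */
    for (size_t i = 0; i < sizeof forbidden / sizeof forbidden[0]; i++)
        if (addr < forbidden[i].end && end > forbidden[i].start)
            return MAP_EFORBIDDEN;
    return MAP_OK;
}

int main(void)
{
    printf("%d\n", map_range_check(0x00001000u, 0x1000u)); /* request covering the IDT entry */
    printf("%d\n", map_range_check(0x08000000u, 0x4000u)); /* ordinary user range */
    return 0;
}
```

The 64-bit end computation matters: with 32-bit arithmetic a request near the top of the address space wraps to a small end value and passes a naive overlap test.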
NVD CVSS 3.1: 9.0
Vulnerability type
CWE-269 Improper Privilege Management
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026