Skip to main content

Novumos

2 CVEs product

Monthly

CVE-2026-40572 CRITICAL PATCH Act Now

Privilege escalation in NovumOS versions prior to 0.24 allows local unprivileged attackers to gain kernel-level execution by manipulating core kernel structures. The vulnerable Syscall 15 (MemoryMapRange) permits user-mode processes to map arbitrary virtual memory regions, including protected kernel areas (IDT, GDT, TSS, page tables), enabling modification of interrupt handlers for privilege elevation. CISA SSVC framework confirms POC availability with total technical impact, though EPSS exploitation probability remains very low (0.01%, 2nd percentile), indicating research-phase discovery rather than widespread targeting. No CISA KEV listing at time of analysis. Vendor-released patch available in version 0.24.

Privilege Escalation Novumos
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-40317 CRITICAL PATCH Act Now

Syscall 12 (JumpToUser) in NovumOS versions prior to 0.24 executes arbitrary kernel code at Ring 0 privilege when invoked by unprivileged Ring 3 user-mode processes. The vulnerability stems from missing address validation on user-supplied entry points, enabling local privilege escalation from user mode to kernel mode with complete system control. CISA SSVC framework confirms publicly available exploit code (POC status) with total technical impact, though EPSS score remains low at 0.02% (5th percentile), suggesting limited real-world targeting of this niche custom operating system despite the severe technical flaw.

Privilege Escalation RCE Novumos
NVD GitHub VulDB
CVSS 3.1
9.3
EPSS
0.0%
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Privilege escalation in NovumOS versions prior to 0.24 allows local unprivileged attackers to gain kernel-level execution by manipulating core kernel structures. The vulnerable Syscall 15 (MemoryMapRange) permits user-mode processes to map arbitrary virtual memory regions, including protected kernel areas (IDT, GDT, TSS, page tables), enabling modification of interrupt handlers for privilege elevation. CISA SSVC framework confirms POC availability with total technical impact, though EPSS exploitation probability remains very low (0.01%, 2nd percentile), indicating research-phase discovery rather than widespread targeting. No CISA KEV listing at time of analysis. Vendor-released patch available in version 0.24.

Privilege Escalation Novumos
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Syscall 12 (JumpToUser) in NovumOS versions prior to 0.24 executes arbitrary kernel code at Ring 0 privilege when invoked by unprivileged Ring 3 user-mode processes. The vulnerability stems from missing address validation on user-supplied entry points, enabling local privilege escalation from user mode to kernel mode with complete system control. CISA SSVC framework confirms publicly available exploit code (POC status) with total technical impact, though EPSS score remains low at 0.02% (5th percentile), suggesting limited real-world targeting of this niche custom operating system despite the severe technical flaw.

Privilege Escalation RCE Novumos
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy