Xen Privcmd Driver Vulnerability in Linux Kernel by Xen Project
CVE-2026-31788

8.2HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-31788?

The Xen privcmd driver in the Linux kernel previously allowed unprivileged domain user processes to execute arbitrary hypercalls. While normally restricted to root and hypervisor layers, this vulnerability posed a risk when a guest was booted with secure boot enabled, potentially allowing modification of kernel memory and breaking the secure boot integrity. This issue was addressed by enhancing the privcmd driver's access controls, ensuring that hypercalls are restricted to specific target domains, thereby maintaining security in environments leveraging secure boot.

Affected Version(s)

Linux 1c5de1939c204bde9cce87f4eb3d26e9f9eb732b < 87a803edb2ded911cb587c53bff179d2a2ed2a28

Linux 1c5de1939c204bde9cce87f4eb3d26e9f9eb732b < 1879319d790f7d57622cdc22807b60ea78b56b6d

Linux 1c5de1939c204bde9cce87f4eb3d26e9f9eb732b < 78432d8f0372c71c518096395537fa12be7ff24e

References

https://git.kernel.org/stable/c/87a803edb2ded911cb587c53b...

https://git.kernel.org/stable/c/1879319d790f7d57622cdc228...

https://git.kernel.org/stable/c/78432d8f0372c71c518096395...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31788 Data

JSON