PT-2026-33547 · Novumos · Novumos
Minecanton209 · Published 2026-04-18 · Updated 2026-04-20 · CVE-2026-40317
CVSS v3.1: 9.3 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
NovumOS versions prior to 0.24
Description
Syscall 12 ('JumpToUser') accepts an arbitrary entry point address from user-space registers without validation. This allows a Ring 3 user-mode process to jump to kernel addresses and execute arbitrary code in Ring 0 context, leading to local privilege escalation. Ring 3 refers to the least privileged user mode, while Ring 0 refers to the most privileged kernel mode.
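The missing check, sketched as an added example (not NovumOS code and not the 0.24 fix): a handler that takes an entry point from user registers confirms it lies in a user-accessible, executable mapping before any control transfer is set up. The address-space split, region table, error code and function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 32-bit split for illustration only; not NovumOS's real memory map. */
#define USER_BASE   0x00400000u
#define KERNEL_BASE 0xC0000000u
#define ERR_FAULT   (-14)

typedef struct { uint32_t start, end; bool user, exec; } region_t; /* [start, end) */

/* Constructed sample address space of the calling process. */
static const region_t sample_map[] = {
    { 0x00400000u, 0x00404000u, true,  true  },  /* user code */
    { 0x00800000u, 0x00810000u, true,  false },  /* user stack, not executable */
    { 0xC0100000u, 0xC0200000u, false, true  },  /* kernel text */
};
static const size_t sample_count = sizeof sample_map / sizeof sample_map[0];

/* The entry point must lie in a mapping that is user-accessible and executable. */
static bool user_entry_ok(const region_t *map, size_t n, uint32_t entry)
{
    if (entry < USER_BASE || entry >= KERNEL_BASE)
        return false;                   /* outside the user half entirely */
    for (size_t i = 0; i < n; i++)
        if (entry >= map[i].start && entry < map[i].end)
            return map[i].user && map[i].exec;
    return false;                       /* unmapped address */
}

/* Pattern the advisory describes: the register value becomes the target as-is. */
int jump_to_user_unchecked(uint32_t entry, uint32_t *target) { *target = entry; return 0; }

/* Hardened form: reject the call before any control transfer is set up. */
int jump_to_user_checked(uint32_t entry, uint32_t *target)
{
    if (!user_entry_ok(sample_map, sample_count, entry))
        return ERR_FAULT;
    *target = entry;
    return 0;
}

int main(void)
{
    uint32_t t = 0;
    printf("user code -> %d, kernel text -> %d\n",
           jump_to_user_checked(0x00401000u, &t), jump_to_user_checked(0xC0100000u, &t));
    return 0;
}
```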
Recommendations
Update to version 0.24.
Restrict syscall access by running the system in single-user mode without Ring 3, and disable user-mode processes by running only the kernel shell.
Exploit · Fix · LPE · Improper Privilege Management · RCE
Related Identifiers
Affected Products
Novumos