diff --git a/rust/lanzaboote/src/linux_loader.rs b/rust/lanzaboote/src/linux_loader.rs
index 32feb54..fd3c6f1 100644
--- a/rust/lanzaboote/src/linux_loader.rs
+++ b/rust/lanzaboote/src/linux_loader.rs
@@ -1,5 +1,9 @@
 //! This module implements the protocols to hand an initrd to the
 //! Linux kernel.
+//!
+//! XXX The initrd signature validation is vulnerable to TOCTOU,
+//! because we read the initrd multiple times. The code needs to be
+//! restructured to solve this.
 
 use core::{ffi::c_void, ops::Range, pin::Pin, ptr::slice_from_raw_parts_mut};