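In multiple functions of arch/arm64/kvm/hyp/nvhe/mem_protect.c (the arm64 KVM nVHE hypervisor code in the Android common kernel), there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The record below lists the fixing commits and the Vanir signatures for functions in that file, which can be used to check whether a kernel tree is still missing the fix.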
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/048aebb861d2f3ed4d260a4c9f4e72a43cae9b1e",
"https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9"
],
"vanir_signatures": [
{
"id": "ASB-A-439996285-3a10f481",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "206281698695442259808593096215832285746",
"length": 1072.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_use_dma_locked",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-4bcfe033",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "187448356417029398286187110849470591536",
"length": 505.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_host_donate_ffa",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-68e49931",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "306009601232908643267726646886751364673",
"length": 854.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_host_donate_guest",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-6df0693d",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"289537644433941434254341808947048145584",
"108484575457524729048237478075359563076",
"311049504088376480459943617240657500382",
"178269118263239053060837820164233764663",
"22260079115874941227818419473566765659",
"197572553140239507489955780272860217950",
"311717138085193378750907416511946131234",
"168447780493469594233519959388700978034",
"151823626924046866793740716359197590666",
"7741584934204485557407849373242347374",
"57521416017666877672681409507697748776",
"282970323010143382845451297240729160003",
"182566212658778614321881042467109166480",
"40667047235283598070828826634284051547",
"118018106662593690393684379594533007924",
"101724486092654083350336028347435450870",
"200374352773472605723585666864014757610",
"268747802010080201098370348937141814481",
"233584329941717470082292767973561197320",
"61264962345220014820310662083950283111",
"96277611542100000118530570091945907898",
"222465992962641904684367997338249058876",
"243634934190234196797363549030138667167",
"2981295933932064109010264057173041724",
"132251318334947969685662946797520929599",
"292618083457488476612407999087804930677",
"235073014643689307457867998698097285166",
"199933535838431119069183415355253959711",
"62217908840682175456827972823257382391",
"83578713017889225212106663381245898256",
"252906033394855349894612773342064606363",
"5630237317654744393234776912995398804",
"208380879551966800883743256385141536644",
"157600537560763199331670243462974025390",
"229082206009975736620601148591402592453",
"280579750074579579486434694013194244799",
"87516098287293601196831163016196242002",
"339503312007856112750297466896402731601",
"334460686162735561104913892546844286031",
"37147027573689430561172599153999445937",
"335562326451661203370833224438280668528",
"89217349564832340218752141209769228351",
"178031943431452977154853177141992841528",
"205519514446384708073234686448565316545",
"150471801953365327445363411610373873663",
"164215985206606241899455719493541800981",
"126869848287362707284900215493169570827",
"136588847646063767017304017116710979375",
"264490003921443033584319793281278534496",
"5406505833856806172178348203965175276",
"334460686162735561104913892546844286031",
"37147027573689430561172599153999445937",
"335562326451661203370833224438280668528",
"89217349564832340218752141209769228351",
"178031943431452977154853177141992841528",
"36375142789308245283212378408949239107",
"247048884292579387407326703867659333884",
"241082537958215638082722532050773295564",
"110416472721141265011464057579210456178",
"240576327243788209965098415714394619183",
"285864261559736603714859677054761589154",
"320009245596095796888401399438297729737",
"2488401297551934082574162000470423517",
"6205135618952828200155540086045409782",
"335681435713478256513998510238609450408",
"8576215840307139483993385830341590727",
"65821318124508223495004344215770373177",
"271237011245367203488822194739634909281",
"2378782749403314599202866405461365813",
"40814674606513204154431321185475370644",
"109372425960610328530715923334151502748",
"172879815376863181721374192342768403841",
"155489603830834928733614393178926207140",
"226556865392151689736809163202273750407",
"227431678396949821841151005582579939483",
"139046658263766342818630593233927444891",
"221915920348815319563988298334396878722",
"196816794665452314550362707373016822946",
"227431678396949821841151005582579939483",
"139046658263766342818630593233927444891",
"221915920348815319563988298334396878722",
"196816794665452314550362707373016822946",
"42720639612393392987174833576683151096",
"215486035189435480184537130726681992715",
"269116444104104069779418798415659626826",
"303465274452738942311375577418472272003",
"184690377243853813829772692581575525801"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-77c4210c",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "243165757723737511862446097720928180203",
"length": 1288.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "module_change_host_page_prot",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-82b2b77b",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "51046187858436064554760154934852825096",
"length": 591.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "___host_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-8d318eea",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "214297937165347437436699027120263634236",
"length": 1298.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_host_donate_sglist_guest",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-9147ccd0",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "281580404822773148253623829167577026922",
"length": 596.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_hyp_donate_host",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-97cf6674",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "128476786464154047285676872883941406328",
"length": 1068.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_host_reclaim_page",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-ccfed969",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "59702314981983203836289166841686844995",
"length": 502.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_host_reclaim_ffa",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-dd6c150a",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "330693378716834898477575389171889050365",
"length": 291.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__host_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-df08fc69",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "181365628207492217264397152397939525475",
"length": 702.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_host_donate_hyp_locked",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-439996285-fa4e6e0d",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "57680856341650785506071029632969385501",
"length": 1538.0
},
"source": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9",
"target": {
"function": "__pkvm_host_donate_sglist_hyp",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
}
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2026-03-05"
}