ASB-A-440584506
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-440584506.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-440584506
- Aliases
-
- A-440584506
- CVE-2026-0037
- Published
- 2026-03-01T00:00:00Z
- Modified
- 2026-04-16T15:14:46.093391Z
- Summary
- [none]
- Details
-
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031"
],
"severity": "Critical",
"vanir_signatures": [
{
"id": "ASB-A-440584506-5a93fd6d",
"signature_version": "v1",
"digest": {
"function_hash": "34754192895805868191906683820398228588",
"length": 586.0
},
"source": "https://android.googlesource.com/kernel/common/+/6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031",
"deprecated": false,
"target": {
"function": "ffa_host_store_handle",
"file": "arch/arm64/kvm/hyp/nvhe/ffa.c"
},
"signature_type": "Function"
},
{
"id": "ASB-A-440584506-8d3182a7",
"signature_version": "v1",
"digest": {
"line_hashes": [
"309958638124952564743267600500747358625",
"45525927466984406429748276993963547607",
"11653997067889707893873282969351042328",
"180574919500815140738880605131144875687",
"309965566704068005093445272871121147598",
"315729318448359800524169121402437374178",
"226420688572529546715779431521695914827",
"112794990496460626819251869410753443305",
"198918122497370454225418113782850017360",
"192383364290772175224148373631938539170",
"259704639271937673044684940562344216698",
"156167124664056564335004978470698270853",
"208506889261601858359845550164221862638",
"299854963520145265089625191978377345284",
"295989182962820353223353387503386295152",
"327103383512219640394472124327385900605",
"81309089389129129104632812320450081260",
"293032476811429883072150516533968334681",
"293832492031998398836213863098434552345",
"243044552556953888481208359171775160950",
"49067536268364178992387309716890631923",
"107267826103938626124885011611567080718",
"54832729643187533036938867291144915620",
"311510429034424347898820082052665439008",
"71133778263422153511648368207738364260",
"237330604213999913461693621278676820382",
"238684923179165880251855721121401576476",
"105950759777016790187172780757562815918",
"115679755775019076033924081411545209862",
"304882055553927570116593625740582032612",
"248341103455901911367377025226388646279",
"153000964642516233685793603034403410639",
"185047693346433133082630112946018629283",
"304460929411720790788212246337222121877",
"246140933445036782128324392794879108500",
"134712725650853943327090673717032080756",
"222547913442663310744890489859296998888",
"191851370219201402215803449641041853169",
"33481638336688483599575813603136316564"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031",
"deprecated": false,
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/ffa.c"
},
"signature_type": "Line"
},
{
"id": "ASB-A-440584506-c99ca39d",
"signature_version": "v1",
"digest": {
"function_hash": "270785408193316304490795728822343011886",
"length": 3585.0
},
"source": "https://android.googlesource.com/kernel/common/+/6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031",
"deprecated": false,
"target": {
"function": "__do_ffa_mem_xfer",
"file": "arch/arm64/kvm/hyp/nvhe/ffa.c"
},
"signature_type": "Function"
}
],
"spl": "2026-03-05"
}