In multiple functions of mem_protect.c (arch/arm64/kvm/hyp/nvhe/mem_protect.c), there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"length": 456.0,
"function_hash": "140393265081442329449425783156025100417"
},
"id": "ASB-A-443072657-033c1c84",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
"target": {
"function": "guest_get_valid_pte",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"44926279662848227298945946291225112521",
"44475587629505316290481058361178115207",
"312696659692566270947612793160483335197",
"63347437467375900414232445822442756376",
"15020113626905274813333059629451368897",
"291517487197934246825722481071241326196",
"178552814958078897454828864576715563622",
"21057071194608305058566548333226160158"
]
},
"id": "ASB-A-443072657-2a2f1029",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4abdaed8a42d",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 265.0,
"function_hash": "224810733133245517766745445897791307863"
},
"id": "ASB-A-443072657-4770adc9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
"target": {
"function": "__guest_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 888.0,
"function_hash": "140949518599310097241290695311343292039"
},
"id": "ASB-A-443072657-63c63fd2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472",
"target": {
"function": "__check_host_shared_guest",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"270330813582972435842825277868865552248",
"168447780493469594233519959388700978034",
"294757987269085764511122189923270549889",
"251592362683850198349127019951702516402",
"265288599003728691136953214011276270544",
"169618891839342428373414438030236830383",
"225491944656961097582350286717486320342",
"15020113626905274813333059629451368897",
"306848634213538203798184025825774940070",
"65605068926131335295381250070305785100",
"242660080755050945565192417065352649796",
"38856485533434927858284127021139892603",
"91605049657459443963612922182375553364",
"94348289244060149100355456637783702542",
"48567883908640950188812079702849294404",
"222783720599958153769640741285542939394",
"173489169071988178767501145008183526800",
"117501579311764509242038553729906494002",
"32406168355031765626531870443972243146",
"14958644128609230618949323028030841853",
"337801667975793736694208535652622978499"
]
},
"id": "ASB-A-443072657-6889c9dc",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 244.0,
"function_hash": "14275683682963994283896238352472740213"
},
"id": "ASB-A-443072657-69fcfe24",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4abdaed8a42d",
"target": {
"function": "__host_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 296.0,
"function_hash": "271143831420277048443178721599003331657"
},
"id": "ASB-A-443072657-74ee0d4d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472",
"target": {
"function": "__guest_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 288.0,
"function_hash": "180466545224193090028264095900979382567"
},
"id": "ASB-A-443072657-9b5f5ec6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4abdaed8a42d",
"target": {
"function": "__guest_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 488.0,
"function_hash": "170680755638094553506667093797892125235"
},
"id": "ASB-A-443072657-a907d5bb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
"target": {
"function": "___host_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"270330813582972435842825277868865552248",
"41755106572300848336673352833570550237",
"154267648795344506484886981289337652728",
"235678429952762461034075733795936955721",
"268747802010080201098370348937141814481",
"233584329941717470082292767973561197320",
"61264962345220014820310662083950283111",
"96277611542100000118530570091945907898",
"15020113626905274813333059629451368897",
"306848634213538203798184025825774940070",
"65605068926131335295381250070305785100",
"242660080755050945565192417065352649796",
"299090722878015974131273378308896121852",
"238231049761437256322825198818663779035",
"235791909068065699509332621156496288269",
"33517853298061888229925141020800035291",
"83255801305818146573640562624568545059",
"14565447768208093161553499218307741283"
]
},
"id": "ASB-A-443072657-b622da72",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 784.0,
"function_hash": "58003540130136357195230989543609452463"
},
"id": "ASB-A-443072657-ca84c096",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472",
"target": {
"function": "___host_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 264.0,
"function_hash": "273050602761954097886820638526786646067"
},
"id": "ASB-A-443072657-cb457ab9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
"target": {
"function": "__host_check_page_state_range",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
},
{
"digest": {
"length": 1216.0,
"function_hash": "225761543947095484688123447912240333445"
},
"id": "ASB-A-443072657-e38198e8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472",
"target": {
"function": "__pkvm_host_share_guest",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
}
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4abdaed8a42d",
"https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
"https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b8705b6de472"
],
"types": [
"EoP"
],
"spl": "2026-03-05",
"severity": "Critical"
}