In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c",
"https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b",
"https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf"
],
"spl": "2026-03-05",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf",
"target": {
"function": "__pkvm_init_vm",
"file": "arch/arm64/kvm/hyp/nvhe/pkvm.c"
},
"deprecated": false,
"digest": {
"function_hash": "152061176676912564967588993662256565131",
"length": 1323.0
},
"signature_type": "Function",
"id": "ASB-A-443668075-350139b4"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"299012250674758203345789097958333677862",
"315293476878049035998153523304139290327",
"271263212807650943796179841566384571579",
"62308010140200245065792117709481948918"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-443668075-484c221c"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"299012250674758203345789097958333677862",
"315293476878049035998153523304139290327",
"271263212807650943796179841566384571579",
"62308010140200245065792117709481948918"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-443668075-4a6dbd4a"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf",
"target": {
"function": "guest_s2_zalloc_pages_exact",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false,
"digest": {
"function_hash": "229334516896925076192725713039311228210",
"length": 219.0
},
"signature_type": "Function",
"id": "ASB-A-443668075-5202ce36"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/pkvm.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"180873601798706501084966796765009097370",
"243944970726779041885803300082899728928",
"180836427021977815630184846350021618481",
"227839573386164085119631898137147681590"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-443668075-5879dda4"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/pkvm.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"331547901651569663552211597892856528013",
"175577852943395756318284371700711363698",
"184212635145877519056997650065023996923",
"273474119879800844398921903320705294370"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-443668075-85ddd271"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b",
"target": {
"function": "guest_s2_zalloc_pages_exact",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false,
"digest": {
"function_hash": "229334516896925076192725713039311228210",
"length": 219.0
},
"signature_type": "Function",
"id": "ASB-A-443668075-ad16dca8"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c",
"target": {
"function": "guest_s2_zalloc_pages_exact",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false,
"digest": {
"function_hash": "229334516896925076192725713039311228210",
"length": 219.0
},
"signature_type": "Function",
"id": "ASB-A-443668075-b469e349"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/pkvm.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"66884226558480240002182492700455406174",
"125099735616185686504868658816147993864",
"218649324270245463169039015737595884936",
"36464640937342043812216371050695440141"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-443668075-c8756611"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c",
"target": {
"function": "__pkvm_init_vm",
"file": "arch/arm64/kvm/hyp/nvhe/pkvm.c"
},
"deprecated": false,
"digest": {
"function_hash": "288658818162809701058574826751871468785",
"length": 1280.0
},
"signature_type": "Function",
"id": "ASB-A-443668075-dc297b1b"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"299012250674758203345789097958333677862",
"315293476878049035998153523304139290327",
"271263212807650943796179841566384571579",
"62308010140200245065792117709481948918"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-443668075-e510bf26"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b",
"target": {
"function": "__pkvm_init_vm",
"file": "arch/arm64/kvm/hyp/nvhe/pkvm.c"
},
"deprecated": false,
"digest": {
"function_hash": "256453628095604252572017021978221899564",
"length": 1248.0
},
"signature_type": "Function",
"id": "ASB-A-443668075-edc603e7"
}
],
"types": [
"EoP"
]
}