ASB-A-443763663

Import Source
https://storage.googleapis.com/android-osv/ASB-A-443763663.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-443763663
Aliases
  • A-443763663
  • CVE-2025-48637
Published
2025-12-01T00:00:00Z
Modified
2026-04-17T15:55:28.020024Z
Summary
[none]
Details

In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2025-12-05

Affected versions

Other
Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 456.0,
                "function_hash": "140393265081442329449425783156025100417"
            },
            "id": "ASB-A-443763663-033c1c84",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
            "target": {
                "function": "guest_get_valid_pte",
                "file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "41357223220029763034318063926808516362",
                    "107835455719160484103181271729945352483",
                    "218413571962783688180621018947548030742",
                    "74348370173617154205662168520543802245",
                    "201140442960149304804951317674927593473",
                    "259806366497591605989767293194059553161",
                    "103082277535687432447449465277955605554",
                    "226064330952052570963410970162019658604",
                    "132156172233785212772556316055115398219",
                    "66531324142846094245872514907634784592",
                    "261756564615928259791383022051492410605",
                    "81034700948420729546186816053298405578"
                ]
            },
            "id": "ASB-A-443763663-0761bdd7",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/kernel/common/+/4cfc9c2d8815577832cafbfcd7f98025f0da718d",
            "target": {
                "file": "arch/arm64/kvm/hyp/nvhe/mm.c"
            }
        },
        {
            "digest": {
                "length": 265.0,
                "function_hash": "224810733133245517766745445897791307863"
            },
            "id": "ASB-A-443763663-4770adc9",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
            "target": {
                "function": "__guest_check_page_state_range",
                "file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
            }
        },
        {
            "digest": {
                "length": 333.0,
                "function_hash": "22632907608192465059315258365873554221"
            },
            "id": "ASB-A-443763663-5265e5c7",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/4cfc9c2d8815577832cafbfcd7f98025f0da718d",
            "target": {
                "function": "refill_hyp_pool",
                "file": "arch/arm64/kvm/hyp/nvhe/mm.c"
            }
        },
        {
            "digest": {
                "length": 752.0,
                "function_hash": "244019698325816914797832225193937936520"
            },
            "id": "ASB-A-443763663-875b647f",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/4cfc9c2d8815577832cafbfcd7f98025f0da718d",
            "target": {
                "function": "kvm_iommu_refill",
                "file": "arch/arm64/kvm/hyp/nvhe/iommu/iommu.c"
            }
        },
        {
            "digest": {
                "length": 488.0,
                "function_hash": "170680755638094553506667093797892125235"
            },
            "id": "ASB-A-443763663-a907d5bb",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
            "target": {
                "function": "___host_check_page_state_range",
                "file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "270330813582972435842825277868865552248",
                    "41755106572300848336673352833570550237",
                    "154267648795344506484886981289337652728",
                    "235678429952762461034075733795936955721",
                    "268747802010080201098370348937141814481",
                    "233584329941717470082292767973561197320",
                    "61264962345220014820310662083950283111",
                    "96277611542100000118530570091945907898",
                    "15020113626905274813333059629451368897",
                    "306848634213538203798184025825774940070",
                    "65605068926131335295381250070305785100",
                    "242660080755050945565192417065352649796",
                    "299090722878015974131273378308896121852",
                    "238231049761437256322825198818663779035",
                    "235791909068065699509332621156496288269",
                    "33517853298061888229925141020800035291",
                    "83255801305818146573640562624568545059",
                    "14565447768208093161553499218307741283"
                ]
            },
            "id": "ASB-A-443763663-b622da72",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
            "target": {
                "file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
            }
        },
        {
            "digest": {
                "length": 264.0,
                "function_hash": "273050602761954097886820638526786646067"
            },
            "id": "ASB-A-443763663-cb457ab9",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20",
            "target": {
                "function": "__host_check_page_state_range",
                "file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "124033088507589349670732817574953490421",
                    "17648690578236074004186557059124336225",
                    "294085542175290052671588349476042224443",
                    "58382261825225629705018483273875007645",
                    "209636862288731807488029004543803184246",
                    "49371074249655175498576943366775696927",
                    "171565137720322743846282709920180913675",
                    "136309658371822085600868842260731854085",
                    "127791330812687308711768621036162596715",
                    "283348369972456175722722962344730252998",
                    "158999761841958448264992801532107125858",
                    "63645214718270019533277524332522691069",
                    "75116364488990616591396406864052755001",
                    "80708934540432077762774300521107285875",
                    "143948780479865104749247134674316415425",
                    "261726992914275181324859905788763503784",
                    "256920358902043702254506928069741960045",
                    "15163798770322415369722042246792709587",
                    "220336129047662555093362149973128691965",
                    "149838372327518077599044546155711080596",
                    "183918493517346234005908227393155019049",
                    "74373140902469917200027924280507363508"
                ]
            },
            "id": "ASB-A-443763663-e1c5f42a",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/kernel/common/+/4cfc9c2d8815577832cafbfcd7f98025f0da718d",
            "target": {
                "file": "arch/arm64/kvm/hyp/nvhe/iommu/iommu.c"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/4cfc9c2d8815577832cafbfcd7f98025f0da718d",
        "https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed989289b20"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2025-12-05",
    "severity": "Critical"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-443763663.json"