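In multiple functions of mem_protect.c (arch/arm64/kvm/hyp/nvhe/mem_protect.c), there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The signatures in this record also target arch/arm64/kvm/arm.c and arch/arm64/kvm/hyp/include/hyp/switch.h, so patch verification should cover all three files against the listed fix commits rather than mem_protect.c alone.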
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739",
"https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4",
"https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a",
"https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321",
"https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41",
"https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae",
"https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f"
],
"vanir_signatures": [
{
"id": "ASB-A-459479964-1785acba",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"141493544575779251009795284625380576619",
"85284773167186548631365352080801133115",
"276113984912318799173108405012186550974"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae",
"target": {
"file": "arch/arm64/kvm/hyp/include/hyp/switch.h"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-2c373c57",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "330954540714767354495383917839935120092",
"length": 879.0
},
"source": "https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f",
"target": {
"function": "__pkvm_host_donate_guest",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-48b7bb07",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "320091642157168254856659365051621970867",
"length": 289.0
},
"source": "https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae",
"target": {
"function": "___activate_traps",
"file": "arch/arm64/kvm/hyp/include/hyp/switch.h"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-5e6f5026",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "271017566507590861802784962080756482397",
"length": 307.0
},
"source": "https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321",
"target": {
"function": "___activate_traps",
"file": "arch/arm64/kvm/hyp/include/hyp/switch.h"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-8cfc16f1",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"269756330032448537901270414351088033281",
"85284773167186548631365352080801133115",
"276113984912318799173108405012186550974"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321",
"target": {
"file": "arch/arm64/kvm/hyp/include/hyp/switch.h"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-91289561",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"236988563559189537519035642110889872426",
"229148890178075844274484247097144130694",
"105761220992910305830717795771877303986",
"26799471277481304780099663904346698943"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a",
"target": {
"file": "arch/arm64/kvm/arm.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-9df14129",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"236988563559189537519035642110889872426",
"308932647879667452829737570987306322030",
"180179273791410505688592567978568889436",
"147967488583419337551590130568359217731"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739",
"target": {
"file": "arch/arm64/kvm/arm.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-a450bb4b",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "287142359475656402530583202153277875154",
"length": 1323.0
},
"source": "https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f",
"target": {
"function": "__pkvm_host_donate_sglist_guest",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-a4d4ab3a",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "304630760426190043995549604118980935612",
"length": 863.0
},
"source": "https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739",
"target": {
"function": "cpu_prepare_hyp_mode",
"file": "arch/arm64/kvm/arm.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-a6df5832",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "282545879002881570040477716396089763761",
"length": 1115.0
},
"source": "https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41",
"target": {
"function": "cpu_prepare_hyp_mode",
"file": "arch/arm64/kvm/arm.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-a8d55d33",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "174377758408620052482093619364876174027",
"length": 449.0
},
"source": "https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f",
"target": {
"function": "__host_set_owner_guest",
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-b6e13b2b",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"236988563559189537519035642110889872426",
"229148890178075844274484247097144130694",
"105761220992910305830717795771877303986",
"26799471277481304780099663904346698943"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41",
"target": {
"file": "arch/arm64/kvm/arm.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-c5819b02",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "148455231156901232607433984652278306282",
"length": 1098.0
},
"source": "https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a",
"target": {
"function": "cpu_prepare_hyp_mode",
"file": "arch/arm64/kvm/arm.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-d378d43b",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "271017566507590861802784962080756482397",
"length": 307.0
},
"source": "https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4",
"target": {
"function": "___activate_traps",
"file": "arch/arm64/kvm/hyp/include/hyp/switch.h"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-efb88e22",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"130046018085051392414450126771360080024",
"319209242661449281219158194248935543430",
"84731492265535399205334050448566989734",
"181530630109788671659878935143154103342",
"225819931753187724971274331426526794543",
"299936046761399543501944200815227031573",
"322020498915043821244872253508755887953",
"142438106793154665310960168403458570332",
"139269121756751079861775453555798014527",
"271629652544606746017769357031623685839",
"168655028215865650100791076354040236512",
"140092686530833111453613911048245871042",
"133464711327352232158925551124132984461",
"241432134751587665911480757364573960505",
"14371009891233503998878972684901729867",
"294945633559902269341662231436888792930",
"337807546107552093483992282704554248830",
"153377509931536161837182679317110557689",
"20396822225622377178816585985623271815",
"24798699172789186443837978039163817898",
"149751057617248040109239273814010913996",
"198115197298423232860852438212585137632",
"328920446623930610486125190365941778717",
"125334101166212192120184947641717329080",
"269639077366187230122593757435070611334",
"306973608026366333059227625597416353554",
"210641888596784825569310271716763630563",
"199658496425620173021706973343760557012",
"161637938024022533784747303388255611772",
"109664379858610946340715233749790412271",
"70538175170065718107179187758631969076",
"36986081116199168602386241539146133759",
"249776795102747698254526194508991631255",
"226185966171083737843322690570539168297",
"246792842969216904268790952689456593864",
"190560254514578231814747201232179891526",
"76520579158944759821087113690038450965",
"272423096885976881823422207677046909357",
"37560185452920041706316066614631595689",
"228638860905346734823701240766777323974",
"171615919274301564036264506027196449032",
"231877194515473396725110231342557758448",
"32953678557792228079976280304996698736",
"165702068920084176476323748464154231750",
"139071785721332132945327005593821551747",
"189119817853419691885359517975012053592",
"219175717543667922630300279096937009695",
"257925747974022515280499025460522541172",
"4835485824180898340514491103107696242",
"319321365816842645763756605542747029844",
"114208460682356595628363542797946290440",
"19133485142454809642602607491045375536",
"250515189759306529237180071203812381205",
"339149956566018199541973450779334948215",
"313118986428480709213288633427706867859",
"51383429071358802009646127772559146050",
"136555397319116192127246471048494426874",
"169883666188444544866648319976852190082",
"339424532851788597967798252990803195318",
"336976297247558364233791910745031568978",
"161637938024022533784747303388255611772"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f",
"target": {
"file": "arch/arm64/kvm/hyp/nvhe/mem_protect.c"
},
"deprecated": false
},
{
"id": "ASB-A-459479964-fc7b3681",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"269756330032448537901270414351088033281",
"85284773167186548631365352080801133115",
"276113984912318799173108405012186550974"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4",
"target": {
"file": "arch/arm64/kvm/hyp/include/hyp/switch.h"
},
"deprecated": false
}
],
"severity": "Critical",
"types": [
"EoP"
],
"spl": "2026-03-05"
}