{"id":"ASB-A-436580278", "published":"2025-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2025-48623", "A-436580278"], "details":"In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":":linux_kernel:", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":":0"}, {"fixed":":2025-12-05"}]}], "versions":["Kernel"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81", "https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895"], "severity":"Critical", "spl":"2025-12-05", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"131869207249152044642128437608415532638", "length":1412}, "id":"ASB-A-436580278-32214e56", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81", "target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c", "function":"init_pkvm_hyp_vcpu"}}, {"deprecated":false, "digest":{"line_hashes":["326118583415893137817933218525750139875", "146909942768788339309673704799148473338", "324510009707059484238981277716417677465", "40045927403040859855862745724553424554", "224952189961902143946865464159773337831", "21036826216666020181881630440408284634", "218585340547388096669683246519936461829"], "threshold":0.9}, "id":"ASB-A-436580278-4d2669a6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895", "target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c"}}, {"deprecated":false, "digest":{"function_hash":"288353721847074805069654069000514111339", "length":1278}, "id":"ASB-A-436580278-78939954", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895", "target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c", "function":"init_pkvm_hyp_vcpu"}}, {"deprecated":false, "digest":{"line_hashes":["312137642325817340013566362473081648660", "146909942768788339309673704799148473338", "324510009707059484238981277716417677465", "40045927403040859855862745724553424554", "224952189961902143946865464159773337831", "21036826216666020181881630440408284634", "218585340547388096669683246519936461829"], "threshold":0.9}, "id":"ASB-A-436580278-f9b3d4f3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81", "target":{"file":"arch/arm64/kvm/hyp/nvhe/pkvm.c"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/3b6fab0ff24f7108c71a4d9c12567455cb2a5a81"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/e76cff4952af4ac4652dc74ffbd134ff57c47895"}]}