{"id":"ASB-A-442540376", "published":"2025-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2025-48638", "A-442540376"], "details":"In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":":linux_kernel:", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":":0"}, {"fixed":":2025-12-05"}]}], "versions":["Kernel"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe", "https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a"], "severity":"Critical", "spl":"2025-12-05", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["90558166005269909930284086201071750075", "287599274834125049811271675874841952531", "18804106768587692893641876941213863145", "28121679916102027148475347188111081201", "191410894214813062980060039031238067394", "305081180542143264441251109293065859862", "312843914770600634379606858910406254829", "149326353072186615715133350665055426599", "162137619357973724339660243284734951446", "314910139000023664835077072904995840933"], "threshold":0.9}, "id":"ASB-A-442540376-69dbf411", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe", "target":{"file":"arch/arm64/kvm/hyp/nvhe/trace.c"}}, {"deprecated":false, "digest":{"line_hashes":["320573784483962119336444912046099381674", "142639344079230660226354642835805425334", "6557964387277942376636085844154584662", "148403631429166932821378813147089635186", "155257617133160059537638078063901500560", "235449450205629975573594586092400618099", "81838477260421453430615412376897544973", "328692992502970810698612054764776044997", "41983219151228460750004362198517182568", "301649500598785356277496269540784339689"], "threshold":0.9}, "id":"ASB-A-442540376-71a26b14", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a", "target":{"file":"arch/arm64/kvm/hyp/nvhe/trace.c"}}, {"deprecated":false, "digest":{"function_hash":"95942719740207928120481650673794265676", "length":1016}, "id":"ASB-A-442540376-a60f6f3d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe", "target":{"file":"arch/arm64/kvm/hyp/nvhe/trace.c", "function":"__pkvm_load_tracing"}}, {"deprecated":false, "digest":{"function_hash":"166361875685499412981578313401250262055", "length":843}, "id":"ASB-A-442540376-e770a25b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a", "target":{"file":"arch/arm64/kvm/hyp/nvhe/trace.c", "function":"__pkvm_load_tracing"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2025-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a"}]}