{"id":"ASB-A-373638114","details":"In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-373638114","CVE-2025-22413"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2025-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-03-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/1a3366f0d3d9b94a8c025d9863edc3b427435c4c"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/add3d68602a0c48ed2d5659f0cf26d869776ab35"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2025-03-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/kernel/common/+/1a3366f0d3d9b94a8c025d9863edc3b427435c4c","https://android.googlesource.com/kernel/common/+/add3d68602a0c48ed2d5659f0cf26d869776ab35"],"vanir_signatures":[{"digest":{"function_hash":"6612826506756150171725956826780828467","length":512},"id":"ASB-A-373638114-1a658daa","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/add3d68602a0c48ed2d5659f0cf26d869776ab35","target":{"file":"arch/arm64/kvm/hyp/nvhe/hyp-main.c","function":"handle___kvm_vcpu_run"},"signature_type":"Function"},{"digest":{"function_hash":"6612826506756150171725956826780828467","length":512},"id":"ASB-A-373638114-277f8b35","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/1a3366f0d3d9b94a8c025d9863edc3b427435c4c","target":{"file":"arch/arm64/kvm/hyp/nvhe/hyp-main.c","function":"handle___kvm_vcpu_run"},"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["88806487874079903129932328106404966041","192608094885790267886802684299369199796","37046479976891882149375872543523566445","166722324875833711955036644161891583204","59496392083652247504463708794120173392","33932093482366427293180854021950481040","189068059293782396451140393116015011694","53925709729284983910903683264871566247","201543084831759698333199909933197473931","251721975929196173730805254998025562577","263035614853255340998385577026896881639","91085910657237868778890481738821299453","161599105729585692481879944017378241589","337080295458693975985373773423197310154","255909480030532430153738347682455354819","144216150692101086188934081520817539599","74031601620163822489627961477861841251","111604734531736771629519158137139276346","227243364153970874742953449006592725522"]},"id":"ASB-A-373638114-81a6bc7b","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/add3d68602a0c48ed2d5659f0cf26d869776ab35","target":{"file":"arch/arm64/kvm/hyp/nvhe/hyp-main.c"},"signature_type":"Line"},{"id":"ASB-A-373638114-9eb2130f","digest":{"function_hash":"148454252575681090957833428128627055637","length":1076},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/1a3366f0d3d9b94a8c025d9863edc3b427435c4c","target":{"file":"arch/arm64/kvm/hyp/nvhe/hyp-main.c","function":"flush_hyp_vcpu"},"signature_type":"Function"},{"id":"ASB-A-373638114-c17614d0","digest":{"threshold":0.9,"line_hashes":["88806487874079903129932328106404966041","192608094885790267886802684299369199796","37046479976891882149375872543523566445","166722324875833711955036644161891583204","59496392083652247504463708794120173392","33932093482366427293180854021950481040","189068059293782396451140393116015011694","53925709729284983910903683264871566247","201543084831759698333199909933197473931","251721975929196173730805254998025562577","263035614853255340998385577026896881639","91085910657237868778890481738821299453","161599105729585692481879944017378241589","337080295458693975985373773423197310154","255909480030532430153738347682455354819","144216150692101086188934081520817539599","74031601620163822489627961477861841251","111604734531736771629519158137139276346","227243364153970874742953449006592725522"]},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/1a3366f0d3d9b94a8c025d9863edc3b427435c4c","target":{"file":"arch/arm64/kvm/hyp/nvhe/hyp-main.c"},"signature_type":"Line"},{"id":"ASB-A-373638114-c4e3c51d","digest":{"function_hash":"148454252575681090957833428128627055637","length":1076},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/add3d68602a0c48ed2d5659f0cf26d869776ab35","target":{"file":"arch/arm64/kvm/hyp/nvhe/hyp-main.c","function":"flush_hyp_vcpu"},"signature_type":"Function"}],"spl":"2025-03-05","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-373638114.json"}}],"schema_version":"1.7.5"}