{"id":"ASB-A-442540376","details":"In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-442540376","CVE-2025-48638"],"modified":"2026-04-21T15:25:42.831358Z","published":"2025-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-12-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2025-12-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe","https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a"],"vanir_signatures":[{"deprecated":false,"target":{"file":"arch/arm64/kvm/hyp/nvhe/trace.c"},"source":"https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe","digest":{"threshold":0.9,"line_hashes":["90558166005269909930284086201071750075","287599274834125049811271675874841952531","18804106768587692893641876941213863145","28121679916102027148475347188111081201","191410894214813062980060039031238067394","305081180542143264441251109293065859862","312843914770600634379606858910406254829","149326353072186615715133350665055426599","162137619357973724339660243284734951446","314910139000023664835077072904995840933"]},"id":"ASB-A-442540376-69dbf411","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"target":{"file":"arch/arm64/kvm/hyp/nvhe/trace.c"},"source":"https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a","digest":{"threshold":0.9,"line_hashes":["320573784483962119336444912046099381674","142639344079230660226354642835805425334","6557964387277942376636085844154584662","148403631429166932821378813147089635186","155257617133160059537638078063901500560","235449450205629975573594586092400618099","81838477260421453430615412376897544973","328692992502970810698612054764776044997","41983219151228460750004362198517182568","301649500598785356277496269540784339689"]},"id":"ASB-A-442540376-71a26b14","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"target":{"function":"__pkvm_load_tracing","file":"arch/arm64/kvm/hyp/nvhe/trace.c"},"source":"https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe","digest":{"length":1016,"function_hash":"95942719740207928120481650673794265676"},"id":"ASB-A-442540376-a60f6f3d","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"target":{"function":"__pkvm_load_tracing","file":"arch/arm64/kvm/hyp/nvhe/trace.c"},"source":"https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a","digest":{"length":843,"function_hash":"166361875685499412981578313401250262055"},"id":"ASB-A-442540376-e770a25b","signature_version":"v1","signature_type":"Function"}],"spl":"2025-12-05","severity":"Critical","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-442540376.json"}}],"schema_version":"1.7.5"}