{"id":"ASB-A-443053939","details":"In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-443053939","CVE-2025-48624"],"modified":"2026-04-17T15:55:28.020024Z","published":"2025-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-12-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/0668e45a43398a07c3aa2ae08903097657efd87e"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2025-12-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/0668e45a43398a07c3aa2ae08903097657efd87e"],"vanir_signatures":[{"id":"ASB-A-443053939-694e73c8","target":{"file":"drivers/iommu/arm/arm-smmu-v3/pkvm/arm-smmu-v3.c","function":"smmu_alloc_l2_strtab"},"source":"https://android.googlesource.com/kernel/common/+/0668e45a43398a07c3aa2ae08903097657efd87e","deprecated":false,"signature_type":"Function","digest":{"function_hash":"89112304659206124374784995522394164777","length":604},"signature_version":"v1"},{"id":"ASB-A-443053939-9833bf10","target":{"file":"drivers/iommu/arm/arm-smmu-v3/pkvm/arm-smmu-v3.c","function":"smmu_get_ste_ptr"},"source":"https://android.googlesource.com/kernel/common/+/0668e45a43398a07c3aa2ae08903097657efd87e","deprecated":false,"signature_type":"Function","digest":{"function_hash":"254947841147691385963231886075804060339","length":544},"signature_version":"v1"},{"id":"ASB-A-443053939-9c89166c","target":{"file":"drivers/iommu/arm/arm-smmu-v3/pkvm/arm-smmu-v3.c"},"source":"https://android.googlesource.com/kernel/common/+/0668e45a43398a07c3aa2ae08903097657efd87e","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["123717314630737266316263749607086366144","208788196015358564897826210655502384192","314768007601559568015928284046317185779","170134573695407697228713602956624466028","71503462268788871399028123904618807011","58588247839117164910415391795129220687","282193983279215686048348343600608163192","11695904542341441564900542714339160775","111546966235554583054422456251451739845","85557711710744185499431237729472753636","305132519875034178672895589011796326582","174013386269392036150388227845564496621","43054857435168662742274417568823504137"]},"signature_version":"v1"}],"spl":"2025-12-05","severity":"Critical","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-443053939.json"}}],"schema_version":"1.7.5"}