ASB-A-363259128 — Vulnetix

ASB-A-363259128 PUBLISHED CVSS 8.600000381469727 HIGH

In cma_heap_vm_fault of cma_heap.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS 4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Android	:linux_kernel:	Kernel, :0, Kernel

Timeline

Mar 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-03-01 advisory
https://android.googlesource.com/kernel/common/+/35fae63593135636e7f80a3570e0ee45e63b6b19 patch
https://android.googlesource.com/kernel/common/+/84175dc5b2c932266a50c04e5ce342c30f817a2f patch

Open in Interactive Console →