ASB-A-443668075 — Vulnetix

ASB-A-443668075 PUBLISHED CVSS 8.600000381469727 HIGH

In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS 4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Android	:linux_kernel:	:0, Kernel, :0

Exploit Intelligence

ghost_report_20260113_010235.json (github-poc)

Timeline

Mar 1, 2026 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2026-03-01 advisory
https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c patch
https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b patch
https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf patch

Open in Interactive Console →