VDB
CVE-2025-36920
CVE-2025-36920
PUBLISHED
CVSS 8.399999618530273 HIGH
In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS 0.02% · 3.9th percentile
Risk Scores
CVSS 3.1
8.399999618530273
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
3.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | Android kernel | |
| android |
Exploit Intelligence
- https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01 (circl)
- https://source.android.com/security/bulletin/pixel/2026-03-01 (circl)
- CVE_2025_36920.java (github-poc)
- CVE_2025_36920.java (github-poc)
- CVE_2025_36920.java (github-poc)
- CVE_2025_36920.java (github-poc)
Timeline
- Mar 4, 2026 CVE Published
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 18, 2026 EPSS Score
- Mar 19, 2026 EPSS Score
- Mar 20, 2026 EPSS Score
- Mar 21, 2026 EPSS Score