CVE-2025-48638
Description
In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE
- CWE-787 — CWE-787 Out-of-bounds Write
- CWE-20 — CWE-20 Improper Input Validation
Affected
- Google / Android — v=Android kernel [affected]
CVSS
- (none)
References
- https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe
- https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a
- https://source.android.com/security/bulletin/2025-12-01
Source
cvelistV5-main/cves/2025/48xxx/CVE-2025-48638.json