CVE-2025-48638

HIGH

__pkvm_load_tracing - Privilege Escalation

Title source: llm

Description

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (3)

Core 3

Core References

Product

https://android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57fe

Product

https://android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552a

Vendor Advisory

https://source.android.com/security/bulletin/2025-12-01

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20 CWE-787

Status published

Products (1)

google/android

Published Dec 08, 2025

Tracked Since Feb 18, 2026