Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Feb 26, 2026

CVE-2025-48638

Description

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected products

Google/Androidv5
Range: Android kernel

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

android.googlesource.com/kernel/common/+/0429b7af308cf65c84109c08d06b01950dcd57femitre
android.googlesource.com/kernel/common/+/96ebe96170d67df5072afa2ce84622f5a0ff552amitre
source.android.com/security/bulletin/2025-12-01mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000