PT-2025-49012 · Android+1

Published: 2025-09-04 · Updated: 2025-12-08 · CVE-2025-48638

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android (affected versions not specified)

Description

A flaw exists in the pKVM (protected Kernel-based Virtual Machine) virtualization technology within the Android operating system kernel. This issue stems from insufficient validation of input data types. Successful exploitation may allow an attacker to gain elevated privileges. User interaction is not required for exploitation. The issue resides within the pkvm load tracing function in trace.c and involves a potential out-of-bounds write due to improper input validation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Memory Corruption

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-15122
CVE-2025-48638

Affected Products

Android
pKVM