Description
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-02
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability lies in the pkvm_init_vm function within the Android pkvm module, where a logic error can cause memory corruption due to insufficient authorization checks (CWE-269). This flaw allows a local attacker to achieve privilege escalation without requiring any additional execution privileges or user interaction. The resulting compromise grants the attacker higher system privileges, potentially enabling full control of the device.

Affected Systems

Google Android kernels that include the pkvm module and have not yet received the fix from recent commits. The vulnerability applies to all Android devices running the affected kernel version.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity. The EPSS score of less than 1% suggests that, while the flaw is serious, its likelihood of exploitation in the wild is currently low. The vulnerability is not listed in the CISA KEV catalog. Exploitation does not require network access or user interaction, meaning any local user or malicious application can trigger the memory corruption by invoking the pkvm_init_vm routine.

Generated by OpenCVE AI on April 16, 2026 at 14:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android operating system that includes the security fix for pkvm_init_vm.
  • If an immediate update is unavailable, block or restrict access to the pkvm driver from untrusted processes using SELinux policies or device administrator settings.
  • Monitor the system for execution of pkvm commands and review logs for unexpected privilege escalation attempts.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:45:00 +0000
  Type: Title
  Values Added: Local Privilege Escalation via Memory Corruption in Android pkvm_init_vm

Fri, 06 Mar 2026 04:30:00 +0000
  Type: References

Fri, 06 Mar 2026 04:15:00 +0000
  Type: References

Tue, 03 Mar 2026 19:45:00 +0000
  Type: First Time appeared
  Values Added: Google; Google android
  Type: CPEs
  Values Added: cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
  Type: Vendors & Products
  Values Added: Google; Google android

Tue, 03 Mar 2026 17:15:00 +0000
  Type: Metrics (cvssV3_1)
  Values Removed: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Values Added: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 03 Mar 2026 15:15:00 +0000
  Type: Weaknesses
  Values Added: CWE-269
  Type: Metrics (cvssV3_1)
  Values Added: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  Type: Metrics (ssvc)
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 19:00:00 +0000
  Type: Description
  Values Added: In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  Type: References

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-03-11T15:01:42.341Z

Reserved: 2025-10-15T15:39:10.274Z

Link: CVE-2026-0029

Vulnrichment

Updated: 2026-03-03T14:42:03.824Z

NVD

Status : Modified

Published: 2026-03-02T19:16:31.117

Modified: 2026-03-06T04:16:05.783

Link: CVE-2026-0029

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:30:16Z

Weaknesses