CVE-2026-0028
Integer Overflow in pkvm_host_share_guest Causes Local Privilege Escalation
Publication date: 2026-03-02
Last updated on: 2026-03-06
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-0028 is a vulnerability in the Android kernel's KVM (Kernel-based Virtual Machine) implementation for the ARM64 architecture. It occurs in the function __pkvm_host_share_guest within the mem_protect.c file, where an integer overflow can cause an out-of-bounds write."}, {'type': 'paragraph', 'content': 'This integer overflow leads to improper boundary checks on memory protection regions, allowing memory to be accessed or modified beyond its intended limits.'}, {'type': 'paragraph', 'content': 'The vulnerability can be exploited locally without requiring any additional execution privileges or user interaction.'}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to a local escalation of privilege on affected devices. An attacker with local access could exploit the integer overflow to write out of bounds in memory, potentially gaining higher privileges than intended.
Such privilege escalation could allow the attacker to bypass security restrictions, access sensitive data, or execute unauthorized actions on the device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "To mitigate this vulnerability, apply the patch that enforces size overflow checks in the ARM64 KVM hypervisor's mem_protect calls. This patch adds boundary checks to prevent out-of-bounds memory access and privilege escalation."}, {'type': 'paragraph', 'content': 'Specifically, update your Android kernel to include the commit with hash 986614312222d4b3bdcf16840cdb4abdaed8a42d, which fixes the issue in the file arch/arm64/kvm/hyp/nvhe/mem_protect.c.'}] [1]