← Back to Feed CACHED · 2026-05-17 09:42:19 · cache_key CVE-2025-29912
CVE-2026-0028 · CWE-190 · Disclosed 2026-03-02

In __pkvm_host_share_guest of mem_protect

ASSESSED — NOISGATE V0.5
Vendor
Reassessed
Verdict:
01 · The Real Story

This is a bad gearbox inside a race car, not a landmine in the parking lot

CVE-2026-0028 is an integer-overflow bug in Android's pKVM hypervisor memory-protection path, specifically __pkvm_host_share_guest in mem_protect.c, that can turn a size calculation into an out-of-bounds write. Google shipped the fix in the March 2026 Android bulletin, and the patch was backported across three Android common-kernel branches; practically, the affected population is ARM64 devices that actually ship and use pKVM/AVF and were still below the 2026-03-05 security patch level. Based on AOSP docs, pKVM is part of the Android virtualization stack on ARM64 and appears in GKI lines including android-13-5.x, with newer docs also covering android15-6.6 and android16-6.12 branch families.

Google labeled the issue Critical in the kernel-components table, but that overstates fleet risk for enterprise defenders. The blast radius on a single compromised device is ugly because this sits near the hypervisor trust boundary, yet the attack path is still local, requires code execution on the handset first, and only matters on the subset of devices where pKVM is present and reachable in real use; add no KEV, no public exploit evidence I could verify, and an EPSS of 0.00007, and this lands at ASSESSED AT HIGH, not CRITICAL.

"Assessed at HIGH: dangerous on pKVM-capable Android devices, but too narrow and post-compromise for CRITICAL"
02 · The Attack Path

4 steps from start to impact.

STEP 01

Land code execution on the handset

The attacker needs a foothold on the device first: a sideloaded app, a malicious app that made it through review, physical access with ADB, or an already-compromised local context. This CVE is not remotely reachable over the network by itself; it is a post-initial-access privilege-escalation play.
Conditions required:
  • Local execution as an unprivileged app, shell user, or equivalent handset foothold
  • Target device is Android and unpatched below security patch level 2026-03-05
Where this breaks in practice:
  • Managed Play-only deployments, MDM app allowlisting, and Play Protect reduce malicious app delivery
  • No direct network entry point; attacker must already be on the device
Detection/coverage: Classic perimeter scanners will miss this entirely. Coverage comes from MDM posture, mobile threat defense telemetry, app-install controls, and adb/debugging audit logs rather than Nessus-style network scanning.
STEP 02

Reach the pKVM memory-sharing path

The vulnerable code sits in the pKVM/AVF stack, where host and guest memory sharing is mediated through hypervisor calls. In practice, the device must actually support the ARM64 virtualization path and expose a workflow that exercises protected-VM memory sharing, whether through AVF/Microdroid usage or vendor pKVM integrations.
Conditions required:
  • ARM64 device with pKVM support present
  • A reachable code path that invokes the mem_protect HVC flow
Where this breaks in practice:
  • pKVM is not universal across the Android fleet
  • Many enterprise phones do not actively use protected VMs in normal business workflows
Detection/coverage: Asset tools usually do not enumerate pKVM state cleanly. Validation is mostly patch-level based, with optional on-device checks for virtualization artifacts such as hypervisor tracefs or AVF components.
STEP 03

Trigger integer overflow into EL2 memory corruption

The bug is a bounds-calculation failure: adding addr + size can wrap, causing range validation to lie and enabling an out-of-bounds write. Google's patch adds check_add_overflow() guards before page-state range checks, which is a strong signal that the exploitable condition is malformed size arithmetic rather than a subtle race.
Conditions required:
  • Attacker can supply crafted address/size values into the vulnerable sharing path
  • Kernel branch lacks the September 2025 backport commit
Where this breaks in practice:
  • Reliable exploitation against hypervisor-adjacent code is harder than crashing it
  • Different SoCs, branch backports, and memory layouts can make weaponization brittle
Detection/coverage: No reliable signature-based scanner for the exploit path. Kernel crash telemetry, tombstones, and unusual virtualization faults are the best weak signals if exploit development goes wrong.
STEP 04

Escalate privilege and break the trust boundary

If the attacker turns the out-of-bounds write into controlled corruption, the payoff is privilege escalation on the device with potential impact on the hypervisor boundary protecting pVM workloads. That is why the issue matters: although local, it targets one of Android's stronger isolation layers.
Conditions required:
  • Successful, stable memory corruption primitive
  • Target uses pKVM-backed isolation for sensitive workloads
Where this breaks in practice:
  • No public exploit I could verify, so operational reliability is unproven
  • On devices that never use protected VMs, the practical defender impact is narrower
Detection/coverage: Exploit success may be largely silent. Post-event indicators are more likely to come from compromise behavior on the device than from direct hypervisor detection.
03 · Intelligence Metadata

The supporting signals.

In-the-wild statusNo confirmed active exploitation found. I found no CISA KEV entry and no vendor statement claiming in-the-wild use; treat this as *currently unconfirmed*, not safe.
Proof-of-concept availabilityNo public PoC I could verify in GitHub/Exploit-DB-style searches. What is public today is the patch diff, which materially lowers exploit-development cost for a skilled Android kernel researcher.
EPSS0.00007 from the user-supplied intel block, which is extremely low and matches the narrow, local-only reachability.
KEV statusNot KEV-listed as of 2026-05-29 review date; no federal active-exploitation signal.
CVSS contextNo vendor CVSS score published. NVD shows no NVD CVSS, though CISA ADP later attached CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H as enrichment. I did not use that as a vendor baseline because the CNA/vendor bulletin did not publish a score.
Affected surfaceAndroid ARM64 pKVM/AVF path only. AOSP says AVF/pKVM is limited to ARM64, with pKVM included in android-13-5.x GKI and later branch families used by Android virtualization.
Fixed versionsPatched by Android security patch level 2026-03-05 or later. The fix appears as backports in three ACK commits: 986614312222d4b3bdcf16840cdb4abdaed8a42d, aff2255dbe38dc7c57bac8d3ba9feed989289b20, and f3a4b4d4a1fe2aface7de74ac257b8705b6de472.
Scanning / exposure dataExternal scanner data is basically irrelevant here. This is a local kernel/hypervisor flaw on handsets, not an internet-facing daemon; Shodan/Censys/GreyNoise-style exposure counts do not meaningfully describe reachable population.
Disclosure date2026-03-02 publication in NVD/CNA flow, with fixes carried in the March 2026 Android bulletin.
Research / attributionPatch authored by Vincent Donnefort (Google) in the public ACK backports. I found no public researcher write-up or credited external finder tied to this specific CVE.
04 · The Call

noisgate verdict.

Final Verdict
DOWNGRADED to HIGH (7.2/10)

The decisive factor is attacker position: this is a local, post-compromise privilege escalation, not an initial-access bug. What keeps it in HIGH instead of MEDIUM is that the vulnerable code sits in pKVM's isolation boundary, so a successful exploit can punch above normal app-to-kernel bugs on devices that actually use protected virtualization.

HIGH Local-only reachability and non-KEV status
MEDIUM Real-world exploitability on diverse OEM pKVM deployments
MEDIUM Affected population narrowing to pKVM-capable ARM64 devices

Why this verdict

  • Post-initial-access only: the attacker already needs code execution on the handset, which is immediate downward pressure from any hypothetical critical baseline.
  • Reachable population is narrower than 'all Android': this is a pKVM/AVF path on ARM64 devices, not a generic framework bug reachable on every managed phone.
  • Impact is still serious where present: the bug targets hypervisor-adjacent memory protection, so a win here can cross a stronger isolation boundary than an ordinary userspace LPE.

Why not higher?

I am not calling this CRITICAL because there is no remote path, no KEV, and no public exploit evidence I could verify. The combination of local foothold requirement plus pKVM-specific reachability means the exposed population is materially smaller than the Android bulletin's worst-case severity language suggests.

Why not lower?

I am not pushing this to MEDIUM because the vulnerable code is not low-value plumbing; it lives in pKVM memory protection, close to the trust boundary for protected VMs. If your fleet includes modern Pixel-class or premium ARM64 devices using AVF features, a successful exploit would be a meaningful device-compromise amplifier.

05 · Compensating Control

What to do — in priority order.

  1. Enforce managed app sources only — Lock the fleet to Managed Google Play or your enterprise app catalog and block sideloading; this directly attacks the most realistic prerequisite, which is landing local code execution via an app. For a HIGH verdict, deploy within 30 days.
  2. Disable USB debugging and tighten developer access — Remove easy local footholds such as ADB on production devices, especially shared kiosks, test pools, and exec devices that travel. For a HIGH verdict, enforce within 30 days through EMM policy.
  3. Prioritize pKVM-capable models in patch rings — Sort your mobile fleet by model, Android patch level, and whether the device class is likely to ship modern AVF/pKVM support; those devices deserve the front of the OTA queue. For a HIGH verdict, begin the ring-based mitigation program within 30 days.
  4. Restrict virtualization features where unused — If your device policy, OEM controls, or build profile lets you disable or avoid AVF/pVM functionality, do it on fleets that do not need Microdroid or related virtualization workflows. This narrows the reachable attack surface while you wait for the OEM patch, and should be applied within 30 days where operationally feasible.
  5. Hunt for risky mobile posture drift — Flag devices below patch level 2026-03-05, with unknown app-source enabled, developer options active, or weak device integrity posture. That gives you a practical risk stack for triage while the actual patch propagates, and should be folded into your mobile hardening checks within 30 days.
What doesn't work
  • Perimeter IPS/WAF controls do not help because this is not a network-reachable vulnerability.
  • Server-side vulnerability scanners will not tell you who is exposed; they do not meaningfully inspect local Android kernel patch state or pKVM reachability.
  • Containerizing enterprise apps does not fix a vulnerable kernel/hypervisor path once the attacker already has device-level code execution.
06 · Verification

Crowdsourced verification payload.

Run this from an auditor workstation with adb installed against a connected or remotely-debuggable Android device: ./check-cve-2026-0028.sh SERIAL1234. It needs no root for the basic patch-level verdict; if the device blocks some filesystem probes, the script will fall back to UNKNOWN rather than guessing.

noisgate-verify.sh
BASHREAD-ONLYSAFE
#!/usr/bin/env bash
# check-cve-2026-0028.sh
# Determine likely exposure to CVE-2026-0028 on an Android device via adb.
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN, 3=usage/adb failure

set -euo pipefail

if [[ $# -ne 1 ]]; then
  echo "Usage: $0 <adb-serial>"
  exit 3
fi

SERIAL="$1"
ADB=(adb -s "$SERIAL")

if ! command -v adb >/dev/null 2>&1; then
  echo "UNKNOWN"
  echo "Reason: adb not installed"
  exit 2
fi

if ! "${ADB[@]}" get-state >/dev/null 2>&1; then
  echo "UNKNOWN"
  echo "Reason: device not reachable via adb"
  exit 2
fi

getprop_safe() {
  "${ADB[@]}" shell getprop "$1" 2>/dev/null | tr -d '\r'
}

shell_safe() {
  "${ADB[@]}" shell "$1" 2>/dev/null | tr -d '\r'
}

PATCH_LEVEL="$(getprop_safe ro.build.version.security_patch)"
ABI_LIST="$(getprop_safe ro.product.cpu.abilist64)"
ARCH="$(shell_safe 'uname -m')"
SDK="$(getprop_safe ro.build.version.sdk)"
MODEL="$(getprop_safe ro.product.model)"
VIRT_APEX="$(shell_safe 'pm path com.android.virt >/dev/null 2>&1; echo $?')"
HYP_TRACE="$(shell_safe 'if [ -d /sys/kernel/tracing/hypervisor ] || [ -d /sys/kernel/debug/tracing/hypervisor ]; then echo yes; else echo no; fi')"
KVM_DEV="$(shell_safe 'if [ -e /dev/kvm ]; then echo yes; else echo no; fi')"

# Compare dates lexicographically because Android patch levels are YYYY-MM-DD.
FIXED_DATE="2026-03-05"

is_arm64=no
if [[ "$ARCH" == "aarch64" ]] || [[ "$ABI_LIST" == *"arm64"* ]]; then
  is_arm64=yes
fi

pkvm_signal=no
if [[ "$VIRT_APEX" == "0" ]] || [[ "$HYP_TRACE" == "yes" ]] || [[ "$KVM_DEV" == "yes" ]]; then
  pkvm_signal=yes
fi

echo "Model: ${MODEL:-unknown}"
echo "SDK: ${SDK:-unknown}"
echo "Arch: ${ARCH:-unknown}"
echo "Patch level: ${PATCH_LEVEL:-unknown}"
echo "AVF APEX present: ${VIRT_APEX:-unknown} (0 means present)"
echo "Hypervisor tracefs present: ${HYP_TRACE:-unknown}"
echo "/dev/kvm present: ${KVM_DEV:-unknown}"

if [[ -z "$PATCH_LEVEL" ]]; then
  echo "UNKNOWN"
  echo "Reason: unable to read security patch level"
  exit 2
fi

if [[ "$PATCH_LEVEL" > "$FIXED_DATE" || "$PATCH_LEVEL" == "$FIXED_DATE" ]]; then
  echo "PATCHED"
  echo "Reason: device patch level is ${PATCH_LEVEL}, which is >= ${FIXED_DATE}"
  exit 0
fi

if [[ "$is_arm64" != "yes" ]]; then
  echo "PATCHED"
  echo "Reason: device is not ARM64; pKVM/AVF protected mode is ARM64-focused and this CVE is not expected to apply"
  exit 0
fi

if [[ "$pkvm_signal" == "yes" ]]; then
  echo "VULNERABLE"
  echo "Reason: ARM64 device below ${FIXED_DATE} with virtualization/pKVM indicators present"
  exit 1
fi

echo "UNKNOWN"
echo "Reason: device is below ${FIXED_DATE}, but pKVM/AVF presence could not be confirmed without deeper OEM-specific inspection"
exit 2
07 · Bottom Line

If you remember one thing.

TL;DR
Monday morning, have your mobile team pull an inventory of all managed Android devices still below 2026-03-05 and sort them by model family and likely pKVM/AVF support. For this HIGH reassessment, the noisgate mitigation SLA is ≤ 30 days: within that window, lock down app sources, disable ADB/developer access on production phones, and restrict virtualization features where unused; the noisgate remediation SLA is ≤ 180 days for the actual OEM patch, but in practice you should push patched builds through your first available OTA ring as soon as your carrier/OEM channel makes them available.

Sources

  1. NVD entry for CVE-2026-0028
  2. Android Security Bulletin — March 2026
  3. ACK patch backport commit 986614312222d4b3bdcf16840cdb4abdaed8a42d
  4. ACK patch backport commit aff2255dbe38dc7c57bac8d3ba9feed989289b20
  5. ACK patch backport commit f3a4b4d4a1fe2aface7de74ac257b8705b6de472
  6. Android AVF architecture
  7. Try Android Virtualization Framework (AVF)
  8. CISA Known Exploited Vulnerabilities Catalog
Peer Review

What defenders are saying.

Submit a review attribution: handle + country only
0 flags selected · stored anonymously
Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.