Preface: Qualcomm’s pVM (Protected Virtual Machine) refers to the secure, isolated virtual machine environment supported by the Gunyah hypervisor. PVMFW (pVM Firmware) is the specific binary code (pvmfw.bin) executed first within a pVM to bootstrap secure boot, validate the environment, and derive unique secrets for that specific guest. In short, pVM is the container, while pvmfw is the secure bootloader for that container.

Background: To “read the memory” of a Microdroid pVM from the host, you cannot bypass the hypervisor’s isolation. Instead, you must use Binder RPC (over virtio-vsock) to request data from a service running inside the pVM. Qualcomm’s sensitive keys (such as encryption keys and passwords) are typically stored in its Trusted Execution Environment (TEE) or a dedicated RPMB (Replay Protected Memory Block) partition. The RPMB is a hardware partition on the storage chip. It is managed and “owned” by the TEE (Secure World), while the EL1 Kernel and EL2 Hypervisor serve only as communication bridges for data transit.

Remark: Refer to the attached diagram, the AIDL code design follows the standard RPC (Remote Procedure Call) pattern. The fundamental “design limitation” here is that the Guest (Microdroid) must trust the Hypervisor (EL2) to enforce the boundaries.

If CVE-2025-47378 is present:

1.Your readData function is “truthful” and only returns 1024 bytes.

2.However, the Host app uses the Hypervisor flaw to read the other memory in your pVM where your actual secrets (keys, sensitive processing) might be stored.

Vulnerability details: Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.

Official announcement: Please refer to the link for details – https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html