Preface: CVE-2026-0032 and CVE-2026-0038 are very similar in terms of their root cause, impact, and remedies, as they both originate from a logical error in the Android kernel memory protection subsystem.
Background: In the Android Virtualization Framework (AVF), all guest operating systems (like the main Android OS and Microdroid) run at EL1, while the actual hypervisor (pKVM) runs at EL2. In Android downstream kernels (especially those for Qualcomm or MediaTek SoCs), the log details containing 0x%llx (a 64-bit hexadecimal address) represent physical memory ranges being transitioned into an isolated state.
This isolation is a critical security layer used to protect high-value hardware components from the main Android OS.
Key Similarities – Both vulnerabilities reside in the mem_protect[.]c file, which is responsible for enforcing memory access boundaries and managing memory protection between different execution environments (like the kernel and the Secure World).
The “similar” nature of these design weaknesses lies in how the qcom_scm_assign_mem logic was implemented. In both cases, the system failed to properly validate or constrain memory assignment requests, allowing a local attacker to bypass security restrictions.
Vulnerability details:
CVE-2026-0032 – In multiple functions of mem_protect[.]c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Primary Driver – Qualcomm SCM (Secure Channel Manager)
CVE-2026-0038 – In multiple functions of mem_protect[.]c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Primary Driver – Qualcomm SCM / pKVM (Protected KVM)
Official announcement: Please refer to the links for details –
CVE-2026-0038 – https://nvd.nist.gov/vuln/detail/CVE-2026-0038
CVE-2026-0032 – https://nvd.nist.gov/vuln/detail/CVE-2026-0032