CVE-2025-48647
In cpmfwtpmsghandler of cpm/google/lib/tracepoint/cpmfwtpipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...