CRITICAL🇵🇱 Wersja polska

CVE-2026-0124

CVSS 10.0v4.0pub. 2026-03-10upd. 2026-03-11

There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-787 (out of bounds write) and results from omission of buffer boundary checks before data writing. An attacker with local access to the device can trigger a write operation outside the permitted memory area, allowing manipulation of data structures or code in the process memory. The lack of any user interaction requirement and the lack of need for additional execution privileges significantly lower the entry threshold for the attacker.

Impact

An attacker can achieve privilege escalation on the local device, potentially taking control of the operating system or its critical components. In a maximum threat scenario, complete takeover of the device is possible.

Mitigation & patch

Security patches available from the manufacturer should be applied according to references — Pixel Security Bulletin available at: https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01

Who is affected

Google Android — versions indicated in manufacturer references (Pixel Security Bulletin from March 2026)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Google Android

    OS
    Google
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...