CVE-2026-0032

In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://android.googlesource.com/kernel/common/+/048aebb861d2f3ed4d260a4c9f4e72a43cae9b1e	Patch Product
https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9	Patch Product
https://source.android.com/docs/security/bulletin/2026/2026-03-01

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-02 19:16

Updated : 2026-03-06 04:16

NVD link : CVE-2026-0032

Mitre link : CVE-2026-0032

CVE.ORG link : CVE-2026-0032

JSON object : View

Products Affected

google

android

CWE

CWE-787

Out-of-bounds Write

CWE-269

Improper Privilege Management

{"id": "CVE-2026-0032", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-03-02T19:16:31.440", "references": [{"url": "https://android.googlesource.com/kernel/common/+/048aebb861d2f3ed4d260a4c9f4e72a43cae9b1e", "tags": ["Patch", "Product"], "source": "security@android.com"}, {"url": "https://android.googlesource.com/kernel/common/+/33eb6bde43d03bd826214bbb390de62ca19621b9", "tags": ["Patch", "Product"], "source": "security@android.com"}, {"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01", "source": "security@android.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En m\u00faltiples funciones de mem_protect.c, existe una posible escritura fuera de l\u00edmites debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda llevar a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."}], "lastModified": "2026-03-06T04:16:06.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}