Description
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-02
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation via kernel out‑of‑bounds write
Action: Apply patch
AI Analysis

Impact

An integer overflow in the Android kernel function __pkvm_host_share_guest can cause an out‑of‑bounds memory write, directly compromising kernel integrity. Based on the description, it is inferred that the attack can be performed locally by an unprivileged user, allowing elevation to superuser status without needing additional execution rights or user interaction. This vulnerability is a classic example of integer overflow leading to an out‑of‑bounds write, categorized as CWE‑190.

Affected Systems

Google Android devices that run kernel versions affected by the integer overflow bug are vulnerable. No explicit release or build numbers are listed in the available data; therefore, it is inferred that all Android kernel releases preceding the confirmed patch are potentially at risk. Device owners should verify their kernel version against the vendor's security update to confirm exposure.

Risk and Exploitability

The CVSS score of 8.4 classifies this issue as high severity, indicating a significant potential impact. The EPSS value of less than 1 % suggests that public exploitation likelihood is low at present, and the vulnerability is not listed in CISA’s KEV catalog. Nevertheless, the lack of user interaction requirements means that any local attacker can exploit the flaw, making it a critical concern for environments where untrusted code could run in user space or where elevation from user‑level to kernel‑level is possible.

Generated by OpenCVE AI on April 17, 2026 at 13:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security update that fixes the kernel integer‑overflow bug
  • Upgrade the device to the newest Android OS build that includes the patch
  • If an immediate OS update is unavailable, limit or disable the kernel feature that triggers __pkvm_host_share_guest, and employ kernel integrity monitoring to detect any reintroduction of the vulnerability

Generated by OpenCVE AI on April 17, 2026 at 13:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Mar 2026 04:30:00 +0000

Type Values Removed Values Added
References

Fri, 06 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
References

Tue, 03 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
CPEs cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Vendors & Products Google
Google android

Mon, 02 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-03-06T03:52:49.612Z

Reserved: 2025-10-15T15:39:08.757Z

Link: CVE-2026-0028

cve-icon Vulnrichment

Updated: 2026-03-02T20:59:29.255Z

cve-icon NVD

Status : Modified

Published: 2026-03-02T19:16:31.007

Modified: 2026-03-06T04:16:05.607

Link: CVE-2026-0028

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:45:16Z

Weaknesses