Description
In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-02
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

In the Android kernel, an error in the function __host_check_page_state_range of mem_protect.c allows an out‑of‑bounds write due to an incorrect bounds check. The flaw is a classic heap or stack buffer overflow (CWE‑787) and can be triggered by a local user without any additional privileges or user interaction. Once triggered, the attacker can overwrite kernel memory, elevate their privileges to root, and consequently manipulate system settings, access confidential data, or disrupt device operation.

Affected Systems

The vulnerability affects the Android operating system supplied by Google. No specific kernel version was listed, so all Android kernel builds that include the vulnerable code are potentially impacted.

Risk and Exploitability

The CVSS rating of 8.4 indicates a high severity, but the EPSS score of less than 1 % and the lack of listing in the CISA KEV catalog imply a low likelihood of exploitation at present. Attackers would need local access to the device; no remote exploitation path or user interaction is required. The absence of a documented workaround means the only reliable defense is to apply the official security update as soon as it becomes available.

Generated by OpenCVE AI on April 16, 2026 at 14:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security update that includes the kernel patch for __host_check_page_state_range.
  • Verify that the device kernel has been updated to the corrected commit (refer to the GitHub source links).
  • If an update cannot be applied immediately, disable or restrict local root access and enforce SELinux enforcement to limit the impact of any local privilege escalation.

Generated by OpenCVE AI on April 16, 2026 at 14:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Title Android Kernel Out‑of‑Bounds Write Enables Local Privilege Escalation

Fri, 06 Mar 2026 04:30:00 +0000

Type Values Removed Values Added
References

Fri, 06 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
References

Tue, 03 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
CPEs cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Vendors & Products Google
Google android

Mon, 02 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-03-06T03:53:33.149Z

Reserved: 2025-10-15T15:39:11.995Z

Link: CVE-2026-0030

cve-icon Vulnrichment

Updated: 2026-03-02T20:55:17.171Z

cve-icon NVD

Status : Modified

Published: 2026-03-02T19:16:31.217

Modified: 2026-03-06T04:16:05.950

Link: CVE-2026-0030

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T14:30:16Z

Weaknesses