Description
In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-10
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

ns_GetUserData in the Android SMS utility contains an out‑of‑bounds write due to an incorrect bounds check. The flaw can be triggered without user interaction and allows an attacker to overwrite memory, enabling the escalation of privileges on the device. The impact is the ability to gain higher system privileges.

Affected Systems

The vulnerability affects Android devices running the Google Android operating system. Specific versions are not enumerated in the advisory, but the issue originates in the ns_SmscbUtilities.c component found in the core Android OS shipped by Google.

Risk and Exploitability

The CVSS score of 9.8 rates this flaw as Critical, while the EPSS score of less than 1% indicates a very low probability of widespread exploitation at present. The flaw is not listed in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector is remotely sending a crafted SMS or triggering the messaging service, as the function can be invoked without user interaction. Because no additional execution privileges are needed, the flaw is particularly dangerous to devices that receive SMS messages.

Generated by OpenCVE AI on April 16, 2026 at 09:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android security patch available from the manufacturer
  • Enable automatic system updates to receive future patches promptly
  • Restrict or monitor applications that can process SMS messages to reduce exposure to malicious input

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 09:45:00 +0000

Type | Values Removed | Values Added
Title | | Out‑Of‑Bounds Write in Android SMS Utility Leading to Remote Privilege Escalation

Wed, 11 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Wed, 11 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google android
Vendors & Products | | Google; Google android

Tue, 10 Mar 2026 22:30:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 10 Mar 2026 21:30:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 10 Mar 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References | |

MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-03-12T03:55:26.381Z

Reserved: 2025-10-23T08:43:08.281Z

Link: CVE-2026-0113

Vulnrichment

Updated: 2026-03-11T14:37:12.437Z

NVD

Status: Analyzed

Published: 2026-03-10T21:16:44.753

Modified: 2026-03-11T17:13:57.523

Link: CVE-2026-0113

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:30:06Z

Weaknesses