Description
In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-10
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation
Action: Immediate patch
AI Analysis

Impact

In the Android media framework, the mfc_dec_dqbuf routine in mfc_dec_v4l2.c contains an incorrect bounds check that can lead to an out‑of‑bounds write. The flaw allows a local user to corrupt internal memory structures and can be used to gain system privileges without requiring additional execution rights or user interaction.

Affected Systems

All devices running the affected Android platform, specifically those incorporating the Media Foundation Codec (MFC) decoder present in the versions covered by the bug. The vendor notes the issue affects the Android operating system, so any Android device using the unpatched framework is potentially impacted.

Risk and Exploitability

The vulnerability receives a high CVSS score of 8.4 and an EPSS score of less than 1%, indicating a low probability of widespread exploitation at present. It is not listed in CISA’s KEV catalog, but the severity of the local privilege escalation makes it a critical issue for devices that cannot be rapidly updated. The flaw can be leveraged by an attacker who can run code on the device, for example via a malicious application or exploited local context, to gain elevated privileges without the need for additional privilege escalation steps.

Generated by OpenCVE AI on April 16, 2026 at 03:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android security patch that addresses CVE-2026-0117.
  • If an update is not immediately available, restrict access to the affected media components by disabling or limiting camera and media playback functionality through device administration policies.
  • After applying the patch or restrictions, reboot the device to ensure the updated code is loaded and any vulnerable processes are restarted.

Generated by OpenCVE AI on April 16, 2026 at 03:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Title Android MFC Decoder Out‑of‑Bounds Write Allowing Local Privilege Escalation

Wed, 11 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Wed, 11 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 10 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
Description In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-03-12T03:55:21.470Z

Reserved: 2025-10-23T08:43:14.088Z

Link: CVE-2026-0117

cve-icon Vulnrichment

Updated: 2026-03-11T14:12:58.967Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T21:16:45.163

Modified: 2026-03-11T16:50:24.607

Link: CVE-2026-0117

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T03:30:06Z

Weaknesses