Description
In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-10
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

This vulnerability arises from a possible out-of-bounds write in several components of the Android operating system. The memory corruption can be exploited to execute arbitrary code without requiring elevated privileges, leading to total compromise of system confidentiality, integrity, and availability. The weakness corresponds to CWE‑787 (Out-of-bounds Write).

Affected Systems

The flaw affects devices running the Google Android operating system. No specific sub‑versions are listed in the public data, so all releases that include the affected code paths are potentially vulnerable until updated by Google as described in the 2026‑03‑01 Security Bulletin.

Risk and Exploitability

The CVSS score of 8.4 indicates severe risk, while the EPSS score of less than 1% suggests that, as of the current data set, exploitation is unlikely but still possible. The vulnerability can be triggered without user interaction and therefore constitutes a remote code execution risk that can be leveraged by a local adversary or by an attacker who can deliver malicious input to the affected component; the published CVSS vector rates the attack vector as local (AV:L). Because it is not listed in CISA’s KEV catalog, there are no known widespread exploits, but the potential impact warrants a high-priority response.

Generated by OpenCVE AI on April 16, 2026 at 03:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Android operating system to the latest security patch version released in the 2026‑03‑01 Security Bulletin.
  • Refrain from installing applications from untrusted sources and enforce the device's app sandbox policies until a vendor fix is available.
  • Implement monitoring for anomalous memory accesses or unexpected process activity that could indicate exploitation of an out‑of‑bounds write.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 03:45:00 +0000

Type | Values Removed | Values Added
Title | | Out‑of‑Bounds Write Allowing Remote Code Execution on Android

Wed, 11 Mar 2026 17:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Google; Google android
Vendors & Products | | Google; Google android

Tue, 10 Mar 2026 22:30:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 10 Mar 2026 22:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-787
Metrics | | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 21:30:00 +0000

Type | Values Removed | Values Added
References | |

Tue, 10 Mar 2026 21:00:00 +0000

Type | Values Removed | Values Added
Description | | In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References | |

MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-03-11T03:57:20.373Z

Reserved: 2025-10-23T08:43:20.961Z

Link: CVE-2026-0122

Vulnrichment

Updated: 2026-03-10T21:11:27.231Z

NVD

Status: Analyzed

Published: 2026-03-10T21:16:45.690

Modified: 2026-03-11T16:46:36.447

Link: CVE-2026-0122

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T03:30:06Z

Weaknesses