Description
In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-10
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch Now
AI Analysis

Impact

In the EfwApTransport module of Android, a missing bounds check in the ProcessRxRing function can cause an out‑of‑bounds write. This flaw allows a local attacker to overwrite arbitrary memory without needing additional execution rights, potentially giving the attacker elevated privileges on the device. The issue requires no user interaction and does not grant further execution capabilities beyond privilege escalation.

Affected Systems

The vulnerability affects Android devices supplied by Google. Specific Android releases are not enumerated in the current data, so any device running a vulnerable firmware build is potentially impacted.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity of this issue. EPSS scoring shows a probability of exploitation less than 1 percent, and the vulnerability has not been listed in the CISA KEV catalog. Exploitation would likely occur from a local attacker, such as a malicious application or compromised system component, and could lead to unauthorized access to system resources without further user action.

Generated by OpenCVE AI on April 16, 2026 at 03:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android security patch that addresses this flaw.
  • If an update is not immediately available, install any interim vendor-supplied security updates and remove or restrict the use of applications that may exploit memory corruption.
  • Enable and enforce Android’s security features such as AppOps restrictions and device administrator controls to minimize the impact of potential memory‑corrupting exploits.

Generated by OpenCVE AI on April 16, 2026 at 03:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Android EfwApTransport Enables Local Privilege Escalation

Wed, 11 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 10 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 10 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
Description In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-03-11T03:57:19.270Z

Reserved: 2025-10-23T08:43:22.537Z

Link: CVE-2026-0123

cve-icon Vulnrichment

Updated: 2026-03-10T21:09:17.589Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-10T21:16:45.797

Modified: 2026-03-11T16:46:11.320

Link: CVE-2026-0123

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T03:30:06Z

Weaknesses