Impact
The vulnerability resides in several functions within vpu_ioctl.c where a race condition can cause a use‑after‑free scenario. When the race occurs, an attacker can manipulate the freed memory to execute malicious code within the context of the current user, thereby gaining elevated privileges on the device. This flaw requires no user interaction and does not provide additional execution privileges beyond the local user who triggers it.
Affected Systems
Affected systems are devices running Google Android that include the vulnerable vpu_ioctl component. No specific Android releases are listed in the data; the issue applies to all releases that contain the unpatched code referenced in the Google Pixel 2026 security bulletin.
Risk and Exploitability
The CVSS score of 7 indicates a moderate‑to‑high severity. The EPSS score of less than 1% shows that the likelihood of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog, so no confirmed exploitation is known. Because exploitation is local and does not require user interaction, the attack vector is inferred to be local command execution that triggers the race condition on the affected device.
OpenCVE Enrichment