Description
In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds write in the lwis_io_buffer.c module of Android, caused by memory corruption within the lwis_io_buffer_write function. This flaw can allow a local attacker to overwrite memory arbitrarily, potentially leading to execution of arbitrary code with system privileges. No user interaction is required for exploitation, which means any user with access to the device could trigger this escalation.

Affected Systems

The affected product is the Android operating system distributed by Google. Specific version information is not provided in the CVE data, so the vulnerability may exist in any recent Android release that includes the vulnerable lwis_io_buffer implementation.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity level for privilege escalation. The EPSS score of less than 1% suggests that current exploitation activity is extremely low. The vulnerability is not listed in the CISA KEV catalog, implying no publicly known large-scale exploitation. The likely attack vector is local, as the flaw requires direct access to the device or a trusted local process to trigger the buffer write. Given the high impact and local nature, the risk to affected users remains significant until the flaw is remediated.

Generated by OpenCVE AI on June 17, 2026 at 18:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Android OS to the latest security patch that addresses the lwis_io_buffer write flaw
  • Restrict installation of untrusted applications that could be used to inject local code paths
  • Implement or enforce workspace restrictions and application sandboxing to limit the ability of local code to write beyond designated memory boundaries

Generated by OpenCVE AI on June 17, 2026 at 18:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Android lwis_io_buffer Leading to Local Privilege Escalation

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CWE-787
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T03:56:21.152Z

Reserved: 2025-10-23T08:43:42.415Z

Link: CVE-2026-0138

cve-icon Vulnrichment

Updated: 2026-06-16T20:21:21.938Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:24.623

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0138

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T18:15:10Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-787

    Out-of-bounds Write