Impact
A logic error in the OSMMapPMRGeneric module of pmr_os.c can cause a malicious system call to expand the virtual memory area beyond its allocated bounds. The resulting out‑of‑bounds write can elevate a local user’s privileges without granting additional execution rights. The vulnerability is classified as CWE‑119 and does not require user interaction or any special execution privileges beyond those of the local user.
Affected Systems
The flaw exists in Android devices that include the affected pmr_os.c component. No specific Android version numbers are disclosed in the advisory, so all devices running this code path are potentially vulnerable until a patch is applied.
Risk and Exploitability
The CVSS score of 7.8 indicates high impact, while the EPSS of less than 1% suggests that exploit attempts are expected to be infrequent at present. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires local system access – an attacker already running with access to the device can trigger the bounds overflow and gain escalated privileges. The attack vector is therefore local and does not rely on network or user interaction.
OpenCVE Enrichment