Description
In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write (CWE‑787) in the file msg_to_host_buffer.cc arises from an incorrect bounds check, allowing a local attacker to overwrite kernel memory. This vulnerability does not require any elevated execution privileges or user interaction and can be exploited by any user with local access to the device, resulting in escalation of privilege.

Affected Systems

The flaw is present in Android systems distributed by Google. No specific server or build versions are listed in the advisory, so the risk applies broadly to all Android devices that have not applied the relevant patch.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.8, indicating a high severity. The EPSS score of less than 1% suggests that exploitation attempts are rare, and the flaw is not currently listed in the CISA KEV catalog. However, because the attack requires no user interaction and can be executed locally, the potential impact remains significant for affected devices.

Generated by OpenCVE AI on June 18, 2026 at 12:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch from Google as soon as it becomes available for your device.
  • Upgrade the device to the newest Android release that incorporates the fix, if an update is available.
  • If an immediate upgrade is not possible, restrict or remove any applications that interact with the host buffer and enforce strict authentication mechanisms to limit local privileged access.

Generated by OpenCVE AI on June 18, 2026 at 12:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Android Host Buffer Leads to Local Privilege Escalation

Wed, 17 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T11:09:47.963Z

Reserved: 2025-10-23T08:44:03.771Z

Link: CVE-2026-0153

cve-icon Vulnrichment

Updated: 2026-06-16T20:54:09.238Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:25.970

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0153

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T13:00:16Z

Weaknesses