Impact
An out‑of‑bounds write (CWE‑787) in the file msg_to_host_buffer.cc arises from an incorrect bounds check, allowing a local attacker to overwrite kernel memory. This vulnerability does not require any elevated execution privileges or user interaction and can be exploited by any user with local access to the device, resulting in escalation of privilege.
Affected Systems
The flaw is present in Android systems distributed by Google. No specific server or build versions are listed in the advisory, so the risk applies broadly to all Android devices that have not applied the relevant patch.
Risk and Exploitability
The vulnerability carries a CVSS score of 7.8, indicating a high severity. The EPSS score of less than 1% suggests that exploitation attempts are rare, and the flaw is not currently listed in the CISA KEV catalog. However, because the attack requires no user interaction and can be executed locally, the potential impact remains significant for affected devices.
OpenCVE Enrichment