VDB
ASB-A-459479964
ASB-A-459479964
PUBLISHED
CVSS 8.600000381469727 HIGH
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | :linux_kernel: | :0, *, :0 |
Exploit Intelligence
- index.html (github-poc)
- CVE_2026_0038.java (github-poc)
- cve_2026_0038.c (github-poc)
- ghost_report_20260113_010235.json (github-poc)
Timeline
- Mar 1, 2026 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2026-03-01 advisory
- https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739 patch
- https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4 patch
- https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a patch
- https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321 patch
- https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41 patch
- https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae patch
- https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f patch