VDB
CVE-2026-0117
CVE-2026-0117
PUBLISHED
CVSS 8.399999618530273 HIGH
In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS 0.01% · 0.8th percentile
Risk Scores
CVSS 3.1
8.399999618530273
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.01%
0.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | Android kernel, Android kernel | |
| android |
Exploit Intelligence
- https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01 (circl)
- https://source.android.com/docs/security/bulletin/2026/2026-03-01 (circl)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
- ghost_report_20260113_010235.json (github-poc)
Timeline
- Mar 4, 2026 CVE Published
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 18, 2026 EPSS Score
- Mar 19, 2026 EPSS Score
- Mar 20, 2026 EPSS Score
- Mar 21, 2026 EPSS Score
References
- https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01?hl=fr advisory
- https://source.android.com/docs/security/bulletin/2026/2026-03-01 vendor-advisory
- https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-0117 advisory
- https://source.android.com/security/bulletin/pixel/2026-03-01 url