GHSA-phm8-qr5m-cpmj

GHSA-phm8-qr5m-cpmj PUBLISHED CVSS 8.399999618530273 HIGH

In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS 3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

ghost_report_20260113_010235.json (github-poc)

Timeline

Mar 10, 2026 CVE Published
Mar 11, 2026 CVE Updated
Apr 10, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-0117 advisory
https://source.android.com/docs/security/bulletin/2026/2026-03-01 url
https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01 url
https://source.android.com/security/bulletin/pixel/2026-03-01 url

Open in Interactive Console →