Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.4
Out of bounds write in mem_protect.c could lead to local privilege escalation
CVE-2026-0028
Summary
A bug in the mem_protect.c code allows an attacker to potentially gain more access to the system without needing additional permissions. This issue requires no interaction from the user to exploit, and it affects the system's ability to protect sensitive data. To protect your system, update the affected software as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | All versions | – |
Original title
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privil...
Original description
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
8.4
Vulnerability type
CWE-190
Integer Overflow
- https://android.googlesource.com/kernel/common/+/986614312222d4b3bdcf16840cdb4ab... Patch Product
- https://android.googlesource.com/kernel/common/+/aff2255dbe38dc7c57bac8d3ba9feed... Patch Product
- https://android.googlesource.com/kernel/common/+/f3a4b4d4a1fe2aface7de74ac257b87... Patch Product
- https://source.android.com/docs/security/bulletin/2026/2026-03-01
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026