Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0038

Summary
Assigner-google_android
Assigner Org ID-baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At-02 Mar, 2026 | 18:42
Updated At-03 Mar, 2026 | 04:56
Rejected At-
Credits

In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:google_android
Assigner Org ID:baff130e-b8d5-4e15-b3d3-c3cf5d5545c6
Published At:02 Mar, 2026 | 18:42
Updated At:03 Mar, 2026 | 04:56
Rejected At:
â–¼CVE Numbering Authority (CNA)

In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products
Vendor
Google LLCGoogle
Product
Android
Default Status
unaffected
Versions
Affected
  • Android kernel
Problem Types
TypeCWE IDDescription
N/AN/AElevation of privilege
Type: N/A
CWE ID: N/A
Description: Elevation of privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739
N/A
https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4
N/A
https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a
N/A
https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321
N/A
https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41
N/A
https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae
N/A
https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f
N/A
https://source.android.com/security/bulletin/2026-03-01
N/A
Hyperlink: https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739
Resource: N/A
Hyperlink: https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4
Resource: N/A
Hyperlink: https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a
Resource: N/A
Hyperlink: https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321
Resource: N/A
Hyperlink: https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41
Resource: N/A
Hyperlink: https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae
Resource: N/A
Hyperlink: https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f
Resource: N/A
Hyperlink: https://source.android.com/security/bulletin/2026-03-01
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-noinfoCWE-noinfo Not enough information
Type: CWE
CWE ID: CWE-noinfo
Description: CWE-noinfo Not enough information
Metrics
VersionBase scoreBase severityVector
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@android.com
Published At:02 Mar, 2026 | 19:16
Updated At:03 Mar, 2026 | 15:31

In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>android>>-
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8aesecurity@android.com
Patch
Product
https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41security@android.com
Patch
Product
https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739security@android.com
Patch
Product
https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52asecurity@android.com
Patch
Product
https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321security@android.com
Patch
Product
https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1fsecurity@android.com
Patch
Product
https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4security@android.com
Patch
Product
https://source.android.com/security/bulletin/2026-03-01security@android.com
Broken Link
Hyperlink: https://android.googlesource.com/kernel/common/+/1bf8033b56a45165602f8116e0a0d2e767f1e8ae
Source: security@android.com
Resource:
Patch
Product
Hyperlink: https://android.googlesource.com/kernel/common/+/513ea99ae008b81dd266bf6e361627c058ddde41
Source: security@android.com
Resource:
Patch
Product
Hyperlink: https://android.googlesource.com/kernel/common/+/652b7b6bf9a62cc12c3a071bab4e92314f046739
Source: security@android.com
Resource:
Patch
Product
Hyperlink: https://android.googlesource.com/kernel/common/+/7e1d15d29b7fe0f858926a8bcaf929b75db9e52a
Source: security@android.com
Resource:
Patch
Product
Hyperlink: https://android.googlesource.com/kernel/common/+/b23a5bfa1fb8f9525e21f095a87486a2bd856321
Source: security@android.com
Resource:
Patch
Product
Hyperlink: https://android.googlesource.com/kernel/common/+/d884f499434c224285c30d460681f1ce76a8cf1f
Source: security@android.com
Resource:
Patch
Product
Hyperlink: https://android.googlesource.com/kernel/common/+/f090d4b083a9ef4831f99e692c239542dd385cb4
Source: security@android.com
Resource:
Patch
Product
Hyperlink: https://source.android.com/security/bulletin/2026-03-01
Source: security@android.com
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

104Records found
CVE-2018-9469
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.31%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 16:53
Updated-18 Dec, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-862
Missing Authorization
CVE-2018-9377
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.02% / 5.21%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 00:23
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2018-9363
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.03% / 8.32%
||
7 Day CHG~0.00%
Published-06 Nov, 2018 | 17:00
Updated-16 Sep, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-androiddebian_linuxlinux_kernelubuntu_linuxAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-22406
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.51%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 22:48
Updated-02 Sep, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found