8.4
CVE-2026-0029
- EPSS 0.11%
- Veröffentlicht 02.03.2026 18:42:51
- Zuletzt bearbeitet 06.03.2026 04:16:05
- Quelle security@android.com
- CVE-Watchlists
- Unerledigt
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.014 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://android.googlesource.com/kernel/common/+/ae242b26371808a221578b89c937568781719d2c
https://android.googlesource.com/kernel/common/+/42eff3b2fd3a906ac8cdb6284d3265bc0856b56b
https://android.googlesource.com/kernel/common/+/749cf1743eb22eff1851c68a533147e1af97a9bf
https://source.android.com/docs/security/bulletin/2026/2026-03-01