CVE-2026-0037

In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

17 Jun 2026, 10:10

Type Values Removed Values Added
Summary
  • (es) En múltiples funciones de ffa.c, hay una posible corrupción de memoria debido a un error de lógica en el código. Esto podría llevar a una escalada de privilegios local sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación.

06 Mar 2026, 04:16

Type Values Removed Values Added
References
  • {'url': 'https://source.android.com/security/bulletin/2026-03-01', 'tags': ['Broken Link'], 'source': 'security@android.com'}
  • () https://source.android.com/docs/security/bulletin/2026/2026-03-01 -

03 Mar 2026, 15:30

Type Values Removed Values Added
First Time Google android
Google
CWE CWE-787
CPE cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
References () https://android.googlesource.com/kernel/common/+/6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031 - () https://android.googlesource.com/kernel/common/+/6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031 - Patch, Product
References () https://source.android.com/security/bulletin/2026-03-01 - () https://source.android.com/security/bulletin/2026-03-01 - Broken Link

02 Mar 2026, 21:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.4

02 Mar 2026, 19:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-02 19:16

Updated : 2026-06-17 10:10


NVD link : CVE-2026-0037

Mitre link : CVE-2026-0037

CVE.ORG link : CVE-2026-0037


JSON object : View

Products Affected

google

  • android
CWE
CWE-787

Out-of-bounds Write