{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0117", "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "state": "PUBLISHED", "assignerShortName": "Google_Devices", "dateReserved": "2025-10-23T08:43:14.088Z", "datePublished": "2026-03-10T20:46:46.359Z", "dateUpdated": "2026-03-11T14:13:10.526Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices", "dateUpdated": "2026-03-10T21:09:32.448Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Elevation of privilege"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "Android kernel"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.</p>"}]}], "references": [{"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01", "tags": ["vendor-advisory"]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "cvelib 1.7.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T14:13:07.164087Z", "id": "CVE-2026-0117", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:13:10.526Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-0117", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T14:13:07.164087Z"}}}], "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01", "tags": ["vendor-advisory"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:12:58.967Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "Android kernel"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.7.1"}, "descriptions": [{"lang": "en", "value": "In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "supportingMedia": [{"type": "text/html", "value": "<p>In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Elevation of privilege"}]}], "providerMetadata": {"orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices", "dateUpdated": "2026-03-10T21:09:32.448Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0117", "state": "PUBLISHED", "dateUpdated": "2026-03-11T14:13:10.526Z", "dateReserved": "2025-10-23T08:43:14.088Z", "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "datePublished": "2026-03-10T20:46:46.359Z", "assignerShortName": "Google_Devices"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In mfc_dec_dqbuf of mfc_dec_v4l2.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En mfc_dec_dqbuf de mfc_dec_v4l2.c, existe una posible escritura fuera de l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se requiere interacci\u00f3n del usuario para la explotaci\u00f3n."}], "id": "CVE-2026-0117", "lastModified": "2026-03-11T15:16:25.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-10T21:16:45.163", "references": [{"source": "dsap-vuln-management@google.com", "url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"}], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android kernel"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Android", "source": "cna", "vendor": "Google"}, "product": "android", "vendor": "google"}], "created": "2026-03-11T11:42:24.307208+00:00", "updated": "2026-03-11T11:42:24.307321+00:00", "vendors": ["google", "google$PRODUCT$android"]}