High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-0107
High
Low
Medium
High
Critical
8.4
CVSS Score
Vulnerability Description
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
1 configuration(s) from 1 vendor(s)
android
Version:
-
CPE:
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
Severity Details
8.4
out of 10.0
High
Weakness Type (CWE)
CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
- Description
- The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control…
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- March 10, 2026
