Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2026-0110
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Vulnerability Description
In MM_DATA_IND of cn_NrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
1 configuration(s) from 1 vendor(s)
android
Version:
-
CPE:
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
Severity Details
9.8
out of 10.0
Critical
Weakness Type (CWE)
CWE-120
Top 25 #18
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- Description
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- March 10, 2026
