High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-0112
High
Low
Medium
High
Critical
7.4
CVSS Score
Vulnerability Description
In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
H
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
1 configuration(s) from 1 vendor(s)
android
Version:
-
CPE:
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.
Severity Details
7.4
out of 10.0
High
Weakness Type (CWE)
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- Description
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
- Exploit Likelihood
- Medium
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- March 10, 2026
