CVE-2026-0037
Received Received - Intake
Memory Corruption in ffa.c Enables Local Privilege Escalation

Publication date: 2026-03-02

Last updated on: 2026-03-06

Assigner: Android (associated with Google Inc. or Open Handset Alliance)

Description
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-02
Last Modified
2026-03-06
Generated
2026-06-16
AI Q&A
2026-03-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0037
EUVD
EUVD-2026-9249
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
google android *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in multiple functions of the ffa.c file where a logic error can cause possible memory corruption.

Because of this memory corruption, an attacker can escalate their privileges locally without needing any additional execution privileges or user interaction.

Impact Analysis

The vulnerability allows local escalation of privilege, meaning an attacker who already has some access to the system could gain higher privileges.

This could lead to unauthorized access to sensitive system functions or data, potentially compromising the security and integrity of the affected device.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves a logic error in multiple functions of ffa.c causing possible memory corruption leading to local privilege escalation. Detection would typically require checking the kernel version or patch level to see if the fix for this issue has been applied.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is in the Android Linux kernel and relates to memory handling in the Trusted Zone, direct detection via network commands is not applicable.'}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you can check the kernel source or kernel version for the presence of the patch identified by commit 6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031.'}, {'type': 'paragraph', 'content': 'Suggested commands to check kernel version and patch status include:'}, {'type': 'list_item', 'content': 'uname -a # To check the current kernel version'}, {'type': 'list_item', 'content': "grep -r 'FFA handle entry reservation' /path/to/kernel/source # To search for patch presence in source code"}, {'type': 'list_item', 'content': 'Check kernel changelogs or patch notes for commit ID 6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031'}] [1]

Mitigation Strategies

The immediate mitigation step is to apply the patch that reserves an FFA handle entry before committing a memory transfer to the Trusted Zone, preventing memory corruption and privilege escalation.

This patch is identified by commit 6c400c2e2e46f3a1117ce5da316ecdc1dbb1a031 and should be backported to stable kernel releases if not already present.

If you maintain your own kernel builds, ensure the patch is applied following the Linux kernel coding standards and submission guidelines.

If using a vendor kernel, check for updates or security advisories from your vendor or Android security bulletins and apply any available kernel updates that include this fix.

Until the patch is applied, restrict local user access to the system as the vulnerability allows local privilege escalation without additional execution privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0037. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart