CVE-2026-0111
Out-of-Bounds Write in ns_SmscbUtilities.c Enables Remote Privilege Escalation
Publication date: 2026-03-10
Last updated on: 2026-03-11
Assigner: Google Devices
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ns_GetUserData function of the ns_SmscbUtilities.c file, where an incorrect bounds check can cause an out of bounds write.
An out of bounds write means that the program writes data outside the intended memory area, which can corrupt data or lead to unexpected behavior.
Because of this flaw, an attacker can remotely escalate their privileges without needing any additional execution privileges or user interaction.
How can this vulnerability impact me? :
This vulnerability can allow a remote attacker to escalate their privileges on the affected system.
Since no user interaction or additional execution privileges are required, the attacker could exploit this vulnerability silently and gain higher access rights.
This could lead to unauthorized access, modification, or control over the system or application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know