CVE-2026-0119
Out-of-Bounds Write in usim_SendMCCMNCIndMsg Causes Privilege Escalation
Publication date: 2026-03-10
Last updated on: 2026-03-11
Assigner: Google Devices
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the function usim_SendMCCMNCIndMsg within the file usim_Registration.c. It involves a possible out of bounds write caused by memory corruption.
Such an out of bounds write can overwrite memory locations that should not be modified, potentially leading to unexpected behavior or security issues.
How can this vulnerability impact me? :
This vulnerability could lead to a physical escalation of privilege without requiring any additional execution privileges.
Exploitation does not require user interaction, which means an attacker could potentially exploit this vulnerability remotely or without the user's knowledge.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know