PatchSiren cyber security CVE debrief
CVE-2026-0125 Google CVE debrief
CVE-2026-0125 is a use after free vulnerability in multiple functions of vpu_ioctl.c due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Vendor
- Product
- Android
- CVSS
- HIGH 7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Android users and developers
Technical summary
A use after free vulnerability exists in multiple functions of vpu_ioctl.c due to a race condition. This could allow for local escalation of privilege without requiring additional execution privileges.
Defensive priority
High
Recommended defensive actions
- Apply security patches as soon as they are available
- Use secure coding practices to prevent similar vulnerabilities
Evidence notes
Vendor: Unknown Vendor, Product: Android
Official resources
-
CVE-2026-0125 CVE record
CVE.org
-
CVE-2026-0125 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0125 was published on 2026-06-16T20:16:23.430Z and modified on 2026-06-16T20:42:25.013Z.