PatchSiren cyber security CVE debrief
CVE-2026-0143 Google CVE debrief
CVE-2026-0143 is a use after free vulnerability in lwis_device_external_event_emit of lwis_event.c. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. The CVE was published on 2026-06-16T20:16:25.083Z and modified on 2026-06-16T20:42:25.013Z.
- Vendor
- Product
- Android
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Android users and administrators
Technical summary
In lwis_device_external_event_emit of lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Defensive priority
High
Recommended defensive actions
- Apply security updates as they become available
- Use secure coding practices to prevent similar vulnerabilities
Evidence notes
Vendor: Unknown Vendor, Product: Android
Official resources
-
CVE-2026-0143 CVE record
CVE.org
-
CVE-2026-0143 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
public