PatchSiren cyber security CVE debrief
CVE-2026-0152 Google CVE debrief
A logic error in the OSMMapPMRGeneric function of pmr_os.c could allow a local attacker to maliciously expand the VMA out of bounds by leveraging a system call to system call. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation.
- Vendor
- Product: Android
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Android users and administrators
Technical summary
In OSMMapPMRGeneric of pmr_os.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Defensive priority
High
Recommended defensive actions
- Apply security updates as they become available
- Use secure coding practices when developing system software
Evidence notes
Vendor and product information is not confirmed. The Android Security Bulletin may provide additional information.
Official resources
- CVE-2026-0152 CVE record (CVE.org)
- CVE-2026-0152 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-0152 was published on 2026-06-16T20:16:25.883Z and modified on 2026-06-16T20:42:25.013Z.