{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0121", "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "state": "PUBLISHED", "assignerShortName": "Google_Devices", "dateReserved": "2025-10-23T08:43:19.699Z", "datePublished": "2026-03-10T20:46:50.360Z", "dateUpdated": "2026-03-17T20:50:55.253Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices", "dateUpdated": "2026-03-10T21:10:37.326Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information disclosure"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "Android kernel"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.</p>"}]}], "references": [{"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01", "tags": ["vendor-advisory"]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "cvelib 1.7.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-362", "lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T21:12:20.619537Z", "id": "CVE-2026-0121", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T20:50:55.253Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-0121", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T21:12:20.619537Z"}}}], "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01", "tags": ["vendor-advisory"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T21:12:12.557Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "Android kernel"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.7.1"}, "descriptions": [{"lang": "en", "value": "In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "supportingMedia": [{"type": "text/html", "value": "<p>In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Information disclosure"}]}], "providerMetadata": {"orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices", "dateUpdated": "2026-03-10T21:10:37.326Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0121", "state": "PUBLISHED", "dateUpdated": "2026-03-17T20:50:55.253Z", "dateReserved": "2025-10-23T08:43:19.699Z", "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "datePublished": "2026-03-10T20:46:50.360Z", "assignerShortName": "Google_Devices"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En VPU, existe una posible lectura de uso despu\u00e9s de liberaci\u00f3n debido a una condici\u00f3n de carrera. Esto podr\u00eda llevar a una revelaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para su explotaci\u00f3n."}], "id": "CVE-2026-0121", "lastModified": "2026-03-17T21:16:18.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-10T21:16:45.580", "references": [{"source": "dsap-vuln-management@google.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01"}], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android kernel"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Android", "source": "cna", "vendor": "Google"}, "product": "android", "vendor": "google"}], "analysis": {"en": {"generated_at": "2026-04-16T03:17:23.202017+00:00", "value": {"mitigation_remediation": ["Apply the official Android security patch once it is available from Google.", "Verify that the device firmware is updated to the latest supported Android build that includes the VPU fix.", "Monitor Google Android security bulletins and revoke any untrusted applications that may leverage the VPU path until the patch is applied."], "summary": {"action": "Assess Impact", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is Google Android. Specific version information is not provided, so any supported Android release that contains the VPU implementation may be impacted until a patch is released.", "description_and_impact": "A race condition in the Video Processing Unit causes a use\u2011after\u2011free read, allowing local data to be leaked. The flaw can be triggered without any additional privilege or malicious code execution. The vulnerability is classified under CWE\u2011362 (Race Condition) and CWE\u2011416 (Use After Free).", "risk_and_exploitability": "The CVSS score is 2.9, indicating low severity, and the EPSS score is less than 1%, showing a very low likelihood of exploitation. The flaw is not listed in the CISA KEV catalog. The attack can occur locally, without user interaction, and requires no elevated execution privileges."}}}}, "created": "2026-03-11T11:42:18.715360+00:00", "title": "Use\u2011After\u2011Free Race Condition in Android VPU Leading to Local Information Disclosure", "updated": "2026-04-16T03:30:06.058787+00:00", "vendors": ["google", "google$PRODUCT$android"]}