EUVD-2026-37177

In lwisdeviceexternaleventemit of lwisevent.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37187

In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37171

In edgetpusyncfencegroupshutdown of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37208

In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0152

In OSMMapPMRGeneric of pmros.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVE-2026-0153

In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0133

In smmuattachdev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0125

In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0131

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-0153

CVE-2026-0153 describes a possible out-of-bounds write in Write of msg_to_host_buffer.cc due to an incorrect bounds check. This could enable local privilege escalation with no extra user interaction required. Exploitation details are not provided in the documents; no explicit mitigation or affect...

CVE-2026-0152

In OSMMapPMRGeneric of pmros.c, there is a possible way to leverage a system call to system call to maliciously expand the VMA out of bounds due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVE-2026-0150

The CVE-2026-0150 issue affects EdgeTPU firmware, specifically the ExecuteGraph command handler. A vulnerability in the component allows an out-of-bounds write triggered by an integer overflow, leading to local escalation of privilege with root privileges required. Exploitation details (e.g., exp...

CVE-2026-0143

The CVE-2026-0143 entry describes a memory corruption vulnerability in the Linux Wireless Interface Subsystem (lwis) code path: lwis_device_external_event_emit in lwis_event.c. A use-after-free condition could lead to local escalation of privilege with System execution privileges required, and ex...

CVE-2026-0138

In lwisiobufferwrite of lwisiobuffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0137

CVE-2026-0137 describes a use-after-free in edgetpu_sync_fence_group_shutdown() within edgetpu-dmabuf.c that can lead to local elevation of privilege with System execution privileges required. The available connected documents confirm the vulnerable component and the weakness but do not provide a...

CVE-2026-0133

The CVE describes a vulnerability in ARM SMMU v3 code (smmu_attach_dev in arm-smmu-v3.c) where a missing permission check could allow signing of malicious Android Runtime bootclass artifacts, enabling local privilege escalation without extra execution privileges and without user interaction. The ...

CVE-2026-0131

The provided connected documents confirm a vulnerability in the RtpPacket::decodePacket path, described as an out-of-bounds access caused by an integer overflow. The impact stated is local escalation of privilege with no additional execution privileges required, and exploitation requires user int...

CVE-2026-0131

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-0125

The connected documents report a race-condition–induced use-after-free in multiple functions of vpu_ioctl.c, leading to local privilege escalation without requiring user interaction. The CVE-2026-0125 entry itself notes this default impact, but the provided sources do not specify affected product...

CVE-2026-0125

In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...