CVE-2026-7270 Local privilege escalation via execve()

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

CVE-2026-0122

CVE-2026-0122 is reported in Pixel updates as a Remote Code Execution risk in the Baseband component, caused by an out-of-bounds write/memory corruption. Exploitation is described as requiring no user interaction and could allow remote code execution with high impact. The Pixel Bulletin lists the...

CVE-2026-20402

The CVE-2026-20402 issue affects Modem. The vulnerability is a crash caused by improper input validation when a UE connects to a rogue base station, enabling remote denial of service without user interaction or extra privileges. Reported impact is availability loss (A) with no confidentiality or ...

PT-2025-48615

In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation...