CVE-2026-7270 Local privilege escalation via execve()

An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve2 argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...

CVE-2026-0122

CVE-2026-0122 is reported in Pixel updates as a Remote Code Execution risk in the Baseband component, caused by an out-of-bounds write/memory corruption. Exploitation is described as requiring no user interaction and could allow remote code execution with high impact. The Pixel Bulletin lists the...

CVE-2026-20402

CVE-2026-20402 concerns a vulnerability in the modem component where improper input validation can cause a system crash, enabling remote denial of service when a UE connects to a rogue base station. The impact is described as a remote DoS with no extra execution privileges and no user interaction...

PT-2025-48615

In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation...