CVE-2026-0112
Published: 10 March 2026
Summary
CVE-2026-0112 is a high-severity Race Condition (CWE-362) vulnerability in Google Android. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-0112 is a use-after-free vulnerability stemming from a race condition in the vpu_open_inst function of vpu_ioctl.c. This flaw affects the Android operating system, as documented in the Android Security Bulletin and Pixel Security Bulletin for March 2026. It is associated with CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')) and CWE-416 (Use After Free), and carries a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
A local attacker requires no additional execution privileges to exploit this vulnerability, which does not necessitate user interaction. Due to the race condition, exploitation demands high attack complexity, but success enables local escalation of privilege with high impacts on confidentiality, integrity, and availability.
The Android Security Bulletin (https://source.android.com/docs/security/bulletin/2026/2026-03-01) and Pixel Security Bulletin (https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01) provide details on patches addressing this issue, which security practitioners should apply to vulnerable Android and Pixel devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10838
Vulnerability details
In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local privilege escalation via kernel use-after-free/race condition in Android driver (vpu_ioctl).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Memory Protection directly blocks exploitation of the use-after-free in vpu_open_inst by enforcing bounds and preventing dangling references after the race condition.
Flaw Remediation requires applying the vendor patches listed in the Android/Pixel March 2026 bulletins that eliminate the race condition in vpu_ioctl.c.
Process Isolation limits the blast radius of the local privilege escalation that succeeds when the use-after-free is triggered.