Description
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Problem types
Elevation of privilege
Product status
Android kernel
References
android.googlesource.com/...f9a62cc12c3a071bab4e92314f046739
android.googlesource.com/...83a9ef4831f99e692c239542dd385cb4
android.googlesource.com/...9b7fe0f858926a8bcaf929b75db9e52a
android.googlesource.com/...1fb8f9525e21f095a87486a2bd856321
android.googlesource.com/...e008b81dd266bf6e361627c058ddde41
android.googlesource.com/...56a45165602f8116e0a0d2e767f1e8ae
android.googlesource.com/...434c224285c30d460681f1ce76a8cf1f
source.android.com/security/bulletin/2026-03-01