CVE-2026-0148

Summary

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Software

VendorProductVersion RangeStatus
GoogleAndroidAndroid kernelaffected

Weaknesses

  • Remote code execution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References