Android Pixel Devices Out-of-Bounds Write Vulnerability in Media Framework Could Lead to Remote Code Execution

Vulnerability

A vulnerability exists in the media framework component of Android Pixel devices, specifically within the 'mfc_handle_released_buf' function of 'mfc_core_isr.c'. This vulnerability arises from a missing bounds check, allowing for a potential out-of-bounds write. Exploitation of this issue could result in remote code execution, with no additional privileges required and no need for user interaction.

Impact

Exploitation of this vulnerability could allow for remote code execution on the affected device.

Added: Mar 10, 2026, 9:32 PM

Updated: Mar 10, 2026, 9:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.8

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Pixel Devices Out-of-Bounds Write Vulnerability in Media Framework Could Lead to Remote Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating