CVE-2026-0127
Description
A remote out-of-bounds read in Pixel modem's codec can crash the communication processor, causing denial of service without user interaction or privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In cn_NrmmDecoder.cpp, the function NrmmMsgCodec::DecodeUPUTransparentContext contains a possible out-of-bounds read due to memory corruption. This flaw exists in the modem firmware component responsible for processing network messages. The vulnerability affects Pixel devices running Android versions prior to the 2026-06-05 security patch level [1]. No special configuration is required for the code path to be reachable.
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted network message to the target device. No authentication or user interaction is required. The attacker only needs network proximity to deliver the malicious packet, which triggers the out-of-bounds read when the decoder processes the malformed context data.
Impact
Successful exploitation leads to a crash of the communication processor (CP). This results in a remote denial of service, temporarily disabling cellular voice, data, and SMS services on the device. The attacker does not gain code execution or elevated privileges; the impact is limited to service disruption.
Mitigation
Google addressed this vulnerability in the Pixel Update Bulletin—June 2026, with a fix included in the 2026-06-05 security patch level [1]. All supported Pixel devices should install the available OTA update to apply the patch. No workaround is provided in the available references.
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.