VYPR
Unrated severity · NVD Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

CVE-2026-0131

Description

An integer overflow in RtpPacket::decodePacket leads to an out-of-bounds access, enabling local escalation of privilege on affected Pixel devices with user interaction.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In the RtpPacket::decodePacket function of the kernel component on Pixel devices, an integer overflow can lead to an out-of-bounds memory access. This vulnerability affects Pixel devices running a security patch level before 2026-06-05. The specific subcomponent is not disclosed in the available references, but the issue resides in the kernel handling of RTP packets [1]. Severity is High, with type Elevation of Privilege (EoP) [1].

Exploitation

An attacker requires local access and must convince a user to interact with a crafted application or input that triggers the vulnerable code path. No additional execution privileges are needed to initiate the exploit. The user interaction could be, for example, opening a malicious media file or processing a crafted network packet that invokes the decodePacket function [1]. The integer overflow occurs when calculating a buffer size or offset, leading to an out-of-bounds read or write.

Impact

Successful exploitation allows an attacker to escalate their privileges locally on the device. The impact is a compromise of confidentiality, integrity, or availability (CIA) at an elevated privilege level, potentially allowing kernel-level code execution or access to protected data [1].

Mitigation

Google released a fix in the June 2026 Pixel Update Bulletin, with security patch level 2026-06-05. Users of all supported Pixel devices are encouraged to install this update. No workarounds are provided in the referenced bulletin [1].

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
