CVE-2026-0133

Vulnerability

A missing permission check in the smmu_attach_dev function of arm-smmu-v3.c allows an attacker to sign malicious Android Runtime (ART) bootclass artifacts. This code path is reachable on devices using the ARM SMMUv3 driver, and no special configuration is required beyond local access. The issue affects Android versions prior to the June 2026 security patch level, as documented in the Pixel Update Bulletin [1].

Exploitation

An attacker with local access to the device, requiring no user interaction and no additional execution privileges, can exploit the missing permission check. The exact steps involve invoking the smmu_attach_dev function with crafted parameters to bypass authorization checks and sign arbitrary bootclass artifacts. This allows the attacker to subvert the bootclass signature verification process [1].

Impact

Successful exploitation leads to local escalation of privilege. The attacker can achieve elevated permissions, potentially gaining the ability to execute code with system or kernel-level privileges, thereby compromising the confidentiality, integrity, and availability of the device [1].

Mitigation

The vulnerability is addressed in the June 2026 Pixel Update Bulletin, with a security patch level of 2026-06-05. Users are strongly encouraged to apply the OTA update to their supported Pixel devices to mitigate this vulnerability [1].