CVE-2026-0143

Vulnerability

A use-after-free vulnerability exists in the lwis_device_external_event_emit function of lwis_event.c in the Pixel kernel driver. This memory corruption bug can be triggered when an event is emitted after the underlying memory has been freed. The affected component is part of the LWIS (Light Weight Interrupt System) driver used in Pixel devices. Devices running Android versions prior to the 2026-06-05 security patch level are vulnerable [1].

Exploitation

An attacker with System execution privileges can exploit this vulnerability without any user interaction. By crafting a sequence of operations that causes a use-after-free condition in lwis_device_external_event_emit, the attacker can corrupt kernel memory. The exact steps involve triggering the event emission after the associated memory has been freed, leading to a dangling pointer dereference.

Impact

Successful exploitation leads to local escalation of privilege. An attacker with System privileges can leverage the memory corruption to execute arbitrary code in the kernel context, potentially gaining full control over the device. This could result in unauthorized access to sensitive data, installation of persistent malware, or other malicious activities.

Mitigation

The vulnerability is fixed in the June 2026 Pixel Update Bulletin, which includes the security patch level 2026-06-05 [1]. Users are advised to update their Pixel devices to this patch level or later. No workarounds are available; the only mitigation is applying the security update.