VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 16, 2026· Updated Jun 16, 2026

CVE-2026-0152

CVE-2026-0152

Description

A logic error in OSMMapPMRGeneric of pmr_os.c allows an attacker to expand a VMA out of bounds via a system call, leading to local escalation of privilege on Pixel devices.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logic error in OSMMapPMRGeneric of pmr_os.c allows an attacker to expand a VMA out of bounds via a system call, leading to local escalation of privilege on Pixel devices.

Vulnerability

In the OSMMapPMRGeneric function in pmr_os.c, a logic error allows a system call to maliciously expand a virtual memory area (VMA) out of bounds. This affects Pixel devices running kernel versions prior to the 2026-06-05 security patch level. The vulnerability is reachable without any special configuration.

Exploitation

An attacker with local access to the device can trigger the vulnerable system call sequence. No additional execution privileges or user interaction are required. The attacker leverages the logic error to cause the VMA expansion beyond intended boundaries.

Impact

Successful exploitation leads to local escalation of privilege, allowing the attacker to gain elevated access on the device. The impact is a compromise of confidentiality, integrity, and availability at the kernel level.

Mitigation

Google addressed this vulnerability in the June 2026 Pixel Update Bulletin [1]. Devices with a security patch level of 2026-06-05 or later are protected. Users should ensure their Pixel devices are updated to the latest security patch. No workaround is available.

References
  1. Pixel Update Bulletin—June 2026

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.