CVE-2026-0151: In IntfGraphCreate of intfgraph
In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Metrics
- CVSS v3.1: 8.8
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
An integer overflow leading to an out-of-bounds write exists in the IntfGraphCreate function of intfgraph.c in the Android kernel. The flaw is reachable over the network by any authenticated user with a low-privilege account, requiring no victim interaction, and successful exploitation gives an attacker full remote code execution on the affected device. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.
HarborGuard Coverage
Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built Android kernel images, in each registry and build pipeline.
Status: Available
Triage is available using the CVSS v3.1 score of 8.8 (HIGH), weighted against each customer organization's compliance policy to prioritize routing and assign the finding to the appropriate team inbox.
Status: Available
Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Google publishes a remediated kernel version. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be opened without manual intervention once that upstream fix lands.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The vulnerable code path is reachable over the network, meaning an attacker must be able to send requests to the exposed service across the internet or an internal network.
- Authentication: Required
  A low-privilege account is sufficient; no elevated or administrative credentials are needed to reach the vulnerable function.
- Victim interaction: Not required
  No user action such as clicking a link or opening a file is needed; the attacker can trigger the flaw without any participation from a victim.
- Attack complexity (detail)
  Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.
Blast Radius
- An attacker achieves remote code execution in the Android kernel context, gaining control over the affected device at the OS level.
- Confidential data stored on the device, including credentials, session tokens, and application data, is readable by the attacker.
- The attacker can modify or corrupt persisted files, application data, and kernel state on the device.
- The attacker can crash or destabilize kernel services, disrupting device operation entirely.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix exists yet, the platform monitors this advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment Google publishes a remediated Android kernel version. In the interim, compensating controls are available to reduce exposure: network-policy isolation can restrict which workloads are permitted to reach services backed by affected kernel images, egress filtering can limit outbound paths an attacker could use post-exploitation, and feature-flag gating can disable non-essential interfaces that surface the vulnerable code path. For customers with auto-remediation enabled, the full rebuild, regression-test run, and PR against affected workloads will be initiated without manual steps as soon as the upstream patch is available.
- Google / Android: Android kernel
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H