CVE-2026-0112 · In vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition.

01 · The Real Story

This is a trapdoor inside one apartment, not an unlocked front door to the whole building

CVE-2026-0112 is a local elevation-of-privilege bug in the Pixel VPU driver path, specifically vpu_open_inst in vpu_ioctl.c, where a race can produce a use-after-free condition. The practical target set is Google Pixel-family devices carrying the affected VPU driver bits before the 2026-03-05 security patch level; Google tracks it in the March 2026 Pixel bulletin as subcomponent VPU with bug ID A-463676597.

The vendor's HIGH 7.4 is technically defensible in a lab because kernel-level impact is severe once triggered, but it overstates enterprise urgency. This is not remotely reachable, not broadly internet-exposed, not KEV-listed, and not showing real exploitation heat; an attacker still needs code execution on the phone first, then must win a high-complexity race in a device-specific driver. For defenders managing large fleets, that is classic downward friction, so this lands in MEDIUM.

"Bad kernel bug, but it is a post-app-execution Pixel local privesc, not a fleet-wide fire drill"

02 · The Attack Path

4 steps from start to impact.

STEP 01

Land code on the device

The attacker first needs execution on the handset, typically via a malicious Android app, test harness, or post-exploitation implant. In practice this means a custom APK or instrumentation workflow using tools like adb and sometimes Frida to drive the vulnerable path repeatedly. This is the biggest real-world gating factor because the CVE is AV:L, not remotely reachable on its own.

Conditions required:

Target is a Google Pixel-family device affected by the March 2026 Pixel bulletin entry
Attacker can run code locally on the device
Device is below security patch level 2026-03-05

Where this breaks in practice:

Requires prior app execution or physical/debug access; this is already post-initial-access
Managed enterprise Android fleets often restrict sideloading and developer options
Non-Pixel Android devices are out of scope

Detection/coverage: Traditional network scanners will miss this entirely. Detection is mostly MDM/EMM inventory, Play Protect telemetry, app-install policy violations, and adb/developer-mode monitoring.

STEP 02

Reach the VPU driver entry point

Once code is running locally, the exploit must interact with the VPU driver path and hit vpu_open_inst through the exposed device interface. A weaponized PoC would normally use a small native helper plus ioctl() calls to the VPU node to create the right object lifecycle. This narrows the reachable population further because the bug lives in a Pixel VPU-specific component, not generic Android userspace.

Conditions required:

VPU device node and driver path are present on the build
SELinux and app sandboxing still allow the necessary local interaction path
Exploit code can repeatedly issue the relevant open/ioctl sequences

Where this breaks in practice:

Driver/component availability varies by device family and build
OEM hardening and SELinux policy can complicate reliable access
Corporate phones often have a smaller and more uniform model set, reducing the exposed population once identified

Detection/coverage: Endpoint-side telemetry is thin unless you have mobile threat defense collecting suspicious native crashes, repeated VPU access, or exploit-like app behavior.

STEP 03

Win the race and trigger use-after-free

The exploit then has to reliably hit the race window in vpu_open_inst and convert the use-after-free into privilege escalation. That usually means a custom multithreaded native exploit, often stress-driven and timing-sensitive, rather than a one-shot commodity script. Google's own CVSS marks this AC:H, which is an important reality check for reliability in the field.

Conditions required:

Exploit can create the required concurrent execution pattern
Kernel/driver layout and timing line up for successful corruption
No crash or watchdog reset interrupts the exploit sequence

Where this breaks in practice:

Race-condition kernel exploits are notoriously device- and build-sensitive
Modern mitigations can turn exploitation into instability rather than clean privilege gain
No public, widely adopted exploit chain was found in the reviewed sources

Detection/coverage: You may see kernel crashes, tombstones, or abnormal app termination during failed attempts, but coverage is inconsistent and noisy.

STEP 04

Escalate from app context to kernel-backed privilege

If the race is won, the attacker can break out of the app sandbox and gain elevated privileges on that one device. At that point the value is local data access, persistence, security-control bypass, or chaining into a larger mobile intrusion. The blast radius is still per-device, not an unauthenticated fleet compromise.

Conditions required:

Successful kernel memory corruption
Post-exploitation logic to abuse elevated privileges
Target device contains enterprise data or auth material worth stealing

Where this breaks in practice:

Impact is confined to compromised devices, not exposed servers
Enterprise mobile fleets usually have wipe, compliance, and MDM containment options
Attacker still has to monetize access on each handset

Detection/coverage: Mobile threat defense, EMM compliance drift, suspicious privilege behavior, and post-exploitation artifacts matter more than perimeter controls.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No confirmed in-the-wild exploitation found in the reviewed authoritative sources. CISA ADP enrichment visible via OpenCVE records SSVC exploitation as `none`.
Proof-of-concept availability	No public PoC located in the reviewed sources. That matters because reliable exploitation here likely needs a custom native race harness, not just a copy-paste script.
EPSS	0.00007 (user-supplied), which is effectively background noise. FIRST describes EPSS as a 30-day exploitation probability model; this score aligns with a low-likelihood local/mobile bug.
KEV status	Not KEV-listed. No CISA Known Exploited Vulnerabilities entry was found for this CVE as of this assessment.
CVSS vector	`CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` — translation: serious impact if won, but only after local execution and a high-complexity race.
Affected population	Google Pixel / Pixel-family specific VPU path, not a generic remotely exposed Android service. OSV shows affected range as `Pixel-family specific:0` through fixed at `Pixel-family specific:2026-03-05`.
Fixed version	Security patch level 2026-03-05 or later on Google devices. Google states Pixel devices at 2026-03-05 address all issues in the March 2026 Pixel bulletin.
Scanning and exposure data	No meaningful Shodan/Censys/FOFA exposure signal — inference from the sources: this is a local VPU driver flaw on handsets, not an internet-facing daemon, so classic attack-surface search engines are the wrong lens.
Disclosure date	2026-03-10 in the CVE record, with the Pixel bulletin published 2026-03-03 and updated 2026-03-09.
Reporting researcher	Android security acknowledgements credit Seth Jenkins and Jann Horn of Google Project Zero for CVE-2026-0112.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (4.6/10)

The decisive factor is attacker position: this bug is only useful after the attacker already has code execution on the device, which makes it a post-initial-access local privesc rather than an entry-point vulnerability. The second big limiter is reachability: affected exposure is confined to Pixel-family devices with the vulnerable VPU driver and a pre-2026-03-05 patch level.

HIGH Vendor metadata, affected component, disclosure date, and fixed patch level

MEDIUM Absence of public PoC and absence of exploitation evidence in the reviewed sources

HIGH Severity downgrade rationale driven by local-only attack path and high-complexity race condition

Why this verdict

Start at 7.4, then subtract for attacker position: AV:L means the attacker must already run code on the phone. In enterprise terms, that implies prior compromise, malicious app install, physical access, or an existing exploit chain.
Subtract again for reachability: this is a Pixel VPU issue, not a generic Android remote service. That sharply narrows the exposed population compared with the headline 'Android' label.
Subtract for exploitation friction: Google/CISA mark it AC:H, and race-condition kernel bugs are reliability problems in the real world. Modern controls like Play Protect, app-install restrictions, EMM policy, and SELinux raise the bar before the bug is even exercised.
Do not subtract to LOW because impact is still real: if exploitation succeeds, the attacker can punch out of app sandboxing and gain elevated privilege on a managed device holding enterprise mail, tokens, or VPN creds.

Why not higher?

There is no remote entry point here. No KEV listing, no public exploitation evidence in the reviewed sources, no public PoC found, and no internet-exposed service to mass-scan or mass-weaponize. For a 10,000-host defender, this is not the kind of bug that suddenly turns into fleet-wide compromise from the edge.

Why not lower?

This still lands in the kernel/driver privilege-escalation class, and a successful local privesc on corporate mobile devices can break app sandboxing and increase post-compromise blast radius. If you run a meaningful Pixel estate, especially for executives or privileged admins, ignoring it would understate the consequence of a successful chain.

05 · Compensating Control

What to do — in priority order.

Block sideloading — Use EMM/MDM policy to restrict unknown sources and developer-mode abuse, because this CVE needs local code execution first. For a MEDIUM verdict there is no mitigation SLA, so treat this as mobile hardening hygiene and enforce it during the normal remediation window rather than as an emergency change.
Enforce Play Protect and app allowlisting — Keep Google Play Protect enabled and prefer managed Play/app allowlists so untrusted apps cannot become the launchpad for local exploitation. There is no mitigation SLA at MEDIUM, but this control is worth validating now because it directly attacks the biggest prerequisite in the chain.
Inventory Pixel patch levels — Use your UEM/EMM to identify Google Pixel devices below 2026-03-05 and separate them from non-Pixel Android devices that are not in scope for this advisory. There is no mitigation SLA at MEDIUM; this inventory should feed the remediation campaign inside the 365-day patch window.
Limit adb and developer options — Disable or alert on USB debugging and unauthorized adb usage where policy allows, because exploit development and validation on Android commonly lean on that path. This is not an emergency control for MEDIUM, but it reduces local exploitability and should be folded into baseline mobile controls.

What doesn't work

A perimeter WAF or IDS does not help because this is not a network-reachable service flaw.
Internet scanning for exposed hosts is the wrong control plane; the issue lives on managed handsets, so you need MDM/UEM inventory instead.
Password resets alone do not remediate the device-side privilege-escalation path; they may matter after a compromise, but they do not remove the kernel bug.

06 · Verification

Crowdsourced verification payload.

Run this from an auditor workstation with adb installed and a USB- or enterprise-debug-connected device selected. Invoke it as ./check_cve_2026_0112.sh or ANDROID_SERIAL=<serial> ./check_cve_2026_0112.sh; no root is required, but the device must be reachable via adb.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# CVE-2026-0112 verifier for Google Pixel devices
# Checks whether the connected device is likely patched based on Android security patch level.
# Exit codes:
#   0 = PATCHED
#   1 = VULNERABLE
#   2 = UNKNOWN / could not assess

set -euo pipefail

need_cmd() {
  command -v "$1" >/dev/null 2>&1 || {
    echo "UNKNOWN - required command not found: $1"
    exit 2
  }
}

getprop_safe() {
  adb ${ADB_ARGS[@]} shell getprop "$1" 2>/dev/null | tr -d '\r'
}

need_cmd adb

ADB_ARGS=()
if [[ -n "${ANDROID_SERIAL:-}" ]]; then
  ADB_ARGS=(-s "$ANDROID_SERIAL")
fi

if ! adb ${ADB_ARGS[@]} get-state >/dev/null 2>&1; then
  echo "UNKNOWN - no adb device available"
  exit 2
fi

brand="$(getprop_safe ro.product.brand)"
manufacturer="$(getprop_safe ro.product.manufacturer)"
model="$(getprop_safe ro.product.model)"
patch="$(getprop_safe ro.build.version.security_patch)"

if [[ -z "$patch" ]]; then
  echo "UNKNOWN - security patch level unavailable"
  exit 2
fi

# This CVE is documented in the Pixel bulletin; non-Google devices are out of scope.
if [[ "${brand,,}" != "google" && "${manufacturer,,}" != "google" ]]; then
  echo "UNKNOWN - device is not a Google/Pixel-family device (brand=$brand manufacturer=$manufacturer model=$model patch=$patch)"
  exit 2
fi

fixed_patch="2026-03-05"

# YYYY-MM-DD strings compare lexicographically.
if [[ "$patch" > "$fixed_patch" || "$patch" == "$fixed_patch" ]]; then
  echo "PATCHED - Google device patch level $patch is at or above $fixed_patch (model=$model)"
  exit 0
fi

echo "VULNERABLE - Google device patch level $patch is below $fixed_patch (model=$model)"
exit 1

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning, have your UEM team pull a list of Google Pixel devices below security patch level 2026-03-05, confirm whether sideloading and Play Protect policy are enforced, and then roll the fix through the next normal Android OTA wave. Because this reassessment is MEDIUM and there is no noisgate mitigation SLA — go straight to the 365-day remediation window, but do not leave it to chance: get compensating mobile-app controls verified now and make sure every in-scope corporate Pixel reaches the vendor patch well inside the noisgate remediation SLA of ≤365 days.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.