CVE-2026-0121

CWE-362 — Race Condition CWE-416 — Use After Free4 documents4 sources

2.9

CVSS

LOW

EPSS0.0%(0th)

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 1.4 | Impact: 1.4

Affected Packages2 packages

▶Android:unknown::0 — :2026-03-05

▶GoogleAndroidAndroid kernel

In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

NVD ↗MITRE ↗

🔴Vulnerability Details

GHSA

GHSA-3hxh-5hj7-x8c5: In VPU, there is a possible use-after-free read due to a race condition↗2026-03-10

▶

CVEList

CVE-2026-0121: In VPU, there is a possible use-after-free read due to a race condition↗2026-03-10

▶

OSV

CVE-2026-0121: In VPU, there is a possible use-after-free read due to a race condition↗2026-03-01

▶