SB2026050897 - Time-of-check Time-of-use (TOCTOU) Race Condition in Linux kernel android binder driver


Published: May 8, 2026

Security Bulletin ID: SB2026050897
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-43433)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to a time-of-check time-of-use race condition in rust_binder transaction offsets array handling when sending a transaction and reading back offsets from the target process vma. A local user can modify the copied offsets before they are read back to escalate privileges.

Exploitation requires that the target process gain the ability to write to its own, normally read-only, binder vma, and that the payload have a specific shape.
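
The check-then-read-back pattern described above, as an added example that is neither the rust_binder source nor the vendor's patch: a user-space Rust model in which offsets are validated, copied into a buffer the receiver is assumed able to write, and then fetched again for use, next to a variant that uses only a private copy. The function names, the 8-byte object size and the sample offsets are assumptions made for this illustration.

```rust
// Added illustration: user-space model of a double fetch (CWE-367).
// Not rust_binder code; all names and sizes below are hypothetical.
const OBJ_SIZE: usize = 8; // assumed object size for this model

/// Offsets must be ascending, non-overlapping and inside the payload.
fn validate(offsets: &[usize], data_len: usize) -> Result<(), &'static str> {
    let mut min = 0usize;
    for &off in offsets {
        let end = off.checked_add(OBJ_SIZE).ok_or("offset overflow")?;
        if off < min || end > data_len {
            return Err("offset out of range");
        }
        min = end;
    }
    Ok(())
}

/// Flawed shape: check the sender's values, copy them into memory the
/// receiver can (by assumption) write, then fetch them again for use.
fn use_readback(sender: &[usize], data_len: usize, shared: &mut Vec<usize>,
    concurrent: impl FnOnce(&mut Vec<usize>)) -> Result<Vec<usize>, &'static str> {
    validate(sender, data_len)?; // time of check
    *shared = sender.to_vec();   // copy into the shared mapping
    concurrent(&mut *shared);    // window between copy and read-back
    Ok(shared.to_vec())          // time of use: second fetch, unchecked
}

/// Hardened shape: one fetch into a private copy that is both checked and
/// used; the shared mapping is only ever written from this side.
fn use_private(sender: &[usize], data_len: usize, shared: &mut Vec<usize>,
    concurrent: impl FnOnce(&mut Vec<usize>)) -> Result<Vec<usize>, &'static str> {
    let private = sender.to_vec();
    validate(&private, data_len)?;
    *shared = private.clone();
    concurrent(&mut *shared);    // a write here no longer affects the result
    Ok(private)
}

fn main() {
    let sender = [0usize, 16]; // constructed sample offsets
    let tamper = |buf: &mut Vec<usize>| buf[1] = 4096; // simulated concurrent write
    let mut vma = Vec::new(); // stands in for the receiver-writable mapping
    let a = use_readback(&sender, 64, &mut vma, tamper).unwrap();
    let b = use_private(&sender, 64, &mut vma, tamper).unwrap();
    println!("read-back: {:?} still valid: {}", a, validate(&a, 64).is_ok());
    println!("private:   {:?} still valid: {}", b, validate(&b, 64).is_ok());
}
```

In the first variant the values acted on are no longer the values that were checked; in the second they cannot diverge, whatever happens to the shared buffer.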


Remediation

Install the update from the vendor's website.