SB2026050897 - Time-of-check Time-of-use (TOCTOU) Race Condition in Linux kernel android binder driver
Published: May 8, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-43433)
CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a time-of-check time-of-use race condition in rust_binder's handling of the transaction offsets array: when sending a transaction, the offsets are read back from the target process vma. A local user can modify the copied offsets before they are read back and thereby escalate privileges.
Exploitation requires that the target process gain the ability to write to its own normally read-only binder vma, and that the payload have a specific shape.
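The double-fetch pattern described above, as an added user-space model that is not the rust_binder code or the vendor's patch. The `shared` buffer stands in for the target's binder vma, the `interleave` callback models the target writing to it between copy and read-back, and the `validate` rules and function names are assumptions made for illustration.

```rust
// Simplified user-space model (constructed; not rust_binder code).
// `shared` stands in for the target's binder vma, which the target is
// assumed to be able to write; `interleave` models the target running
// between the sender's copy and the read-back.

/// Assumed check: offsets are increasing and each leaves room for an
/// 8-byte object inside a data buffer of `data_len` bytes.
fn validate(offsets: &[u64], data_len: u64) -> bool {
    let mut prev_end = 0u64;
    for &off in offsets {
        match off.checked_add(8) {
            Some(end) if off >= prev_end && end <= data_len => prev_end = end,
            _ => return false,
        }
    }
    true
}

/// Double fetch: checks the sender's array, copies it out, then re-reads it from shared memory.
fn process_racy(src: &[u64], shared: &mut [u64], data_len: u64,
                interleave: impl FnOnce(&mut [u64])) -> Option<Vec<u64>> {
    if !validate(src, data_len) { return None; }     // time of check
    shared[..src.len()].copy_from_slice(src);
    interleave(shared);                              // target modifies its vma
    Some(shared[..src.len()].to_vec())               // time of use: unchecked values
}

/// Single fetch: the values that were checked are the values that are used.
fn process_single_fetch(src: &[u64], shared: &mut [u64], data_len: u64,
                        interleave: impl FnOnce(&mut [u64])) -> Option<Vec<u64>> {
    let private = src.to_vec();                      // snapshot in sender-owned memory
    if !validate(&private, data_len) { return None; }
    shared[..private.len()].copy_from_slice(&private);
    interleave(shared);                              // cannot reach `private`
    Some(private)
}

fn main() {
    let src = [0u64, 16, 32];                        // constructed sample offsets
    let tamper = |vma: &mut [u64]| vma[1] = 4096;    // constructed out-of-range value
    let mut vma = [0u64; 4];
    let used = process_racy(&src, &mut vma, 64, tamper).unwrap();
    println!("double fetch uses {:?}, valid: {}", used, validate(&used, 64));
    let mut vma = [0u64; 4];
    let used = process_single_fetch(&src, &mut vma, 64, tamper).unwrap();
    println!("single fetch uses {:?}, valid: {}", used, validate(&used, 64));
}
```

In the double-fetch path the values consumed after the check are no longer the values that were checked; in the single-fetch path the shared copy can change without affecting what is processed.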
Remediation
Install the update from the vendor's website.