EIP-2026-100027

PRE-CVE

Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100027. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup details a memory corruption vulnerability in Samsung RKP (Real-time Kernel Protection) due to lack of bounds checking in the `rkp_set_init_page_ro` function, allowing arbitrary modification of RKP's code or data pages, leading to privilege escalation from EL1 to EL2.

Description

Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosandroid

https://www.exploit-db.com/exploits/41232

View Code ZIP pw:eip

The writeup details a memory corruption vulnerability in Samsung RKP (Real-time Kernel Protection) due to lack of bounds checking in the `rkp_set_init_page_ro` function, allowing arbitrary modification of RKP's code or data pages, leading to privilege escalation from EL1 to EL2.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Samsung RKP (Real-time Kernel Protection) on Samsung KNOX devices, specifically RKP4.2_CL7572479 on SM-G935F

No auth needed

Prerequisites: Access to EL1 kernel context to issue the `rkp_set_init_page_ro` command

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026