EIP-2026-100031

PRE-CVE

Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100031. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup details a vulnerability in Samsung RKP (Real-time Kernel Protection) where unvalidated MSRs to TCR_EL1 and SCTLR_EL1 registers allow an attacker to bypass memory protections. The issue arises from RKP's failure to validate these registers, enabling manipulation of translation granules or disabling the MMU.

Description

Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textdosandroid

https://www.exploit-db.com/exploits/41212

View Code ZIP pw:eip

The writeup details a vulnerability in Samsung RKP (Real-time Kernel Protection) where unvalidated MSRs to TCR_EL1 and SCTLR_EL1 registers allow an attacker to bypass memory protections. The issue arises from RKP's failure to validate these registers, enabling manipulation of translation granules or disabling the MMU.

Classification

Writeup 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Theoretical

Target: Samsung RKP (version RKP4.2_CL7572479)

No auth needed

Prerequisites: Access to EL1 execution context · Knowledge of RKP internals

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026