Description
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in several parts of the Android codebase can be exploited to execute arbitrary code, allowing a local attacker to gain higher privileges without needing additional execution rights. The vulnerability does not require user interaction, meaning a malicious application or script running on the device can trigger the overflow and elevate privileges. While the description does not explicitly state the impact on confidentiality, integrity, or availability, it is reasonable to infer that a local attacker with elevated privileges could potentially compromise these aspects of the device once the integer overflow is exploited.

Affected Systems

Android devices running the affected code, the exact versions of which are not specified in the advisory. The vulnerability applies to the Google Android platform as a whole.

Risk and Exploitability

The CVSS score of 8.4 indicates a high severity, and the lack of user interaction combined with the potential for full privilege escalation make this a high‑risk flaw. The EPSS score of < 1% indicates a very low but nonzero exploitation probability, and the vulnerability is now listed in the CISA KEV catalog, highlighting that known exploits exist or are anticipated.

Generated by OpenCVE AI on June 2, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android security patch that addresses this integer overflow.
  • Review any custom Android components or libraries for proper bounds checking to prevent integer overflows.
  • Enable SELinux enforcement and audit policies to restrict privilege escalation pathways.
  • Monitor Android security advisories for additional patches or mitigations.

Generated by OpenCVE AI on June 2, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow Causing Local Privilege Escalation in Android
CPEs cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Tue, 02 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-06-02T00:00:00+00:00', 'dueDate': '2026-06-05T00:00:00+00:00'}

Tue, 02 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android Leading to Local Privilege Escalation

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android Leading to Local Privilege Escalation
Weaknesses CWE-190

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-02T19:58:24.434Z

Reserved: 2025-05-22T18:12:07.428Z

Link: CVE-2025-48595

cve-icon Vulnrichment

Updated: 2026-06-01T22:08:54.947Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T22:16:18.093

Modified: 2026-06-02T20:19:29.653

Link: CVE-2025-48595

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T19:30:15Z

Weaknesses