Impact
An integer overflow exists in multiple locations within the Android operating system, which can be triggered without user interaction. This flaw, classified as CWE‑190, enables code execution that raises a local attacker’s privileges, compromising the operating system’s integrity on the affected device.
Affected Systems
The vulnerability impacts Google Android devices running Android 14.0, Android 15.0, Android 16.0, as well as the Android 16.0 QPR2 beta releases (beta 1, beta 2, beta 3). All devices that incorporate the affected Android code base are susceptible until an official patch is applied.
Risk and Exploitability
The CVSS score of 8.4 classifies the flaw as high severity, and the EPSS score of 2% indicates a low but nonzero probability of exploitation. The vulnerability is listed in the CISA KEV catalog, confirming that known exploits exist. Because the flaw can be abused locally without user interaction, a local attacker might trigger the overflow to elevate privileges.
OpenCVE Enrichment