Description
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in multiple functions of ubsan_throwing_runtime.cpp and can trigger persistent denial of service through resource exhaustion. An attacker does not need any elevated execution privileges, and no user interaction is required. The impact is a local denial of service that can render the affected Android system unusable until restarted or the resource usage is mitigated.

Affected Systems

The affected vendor is Google for Android. No specific product or version information is available in the provided data, so the scope of affected releases cannot be precisely determined.

Risk and Exploitability

The CVSS score is 5.5. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local; a user with access to the device can trigger the fault by exercising any code path that invokes the vulnerable UBSan functions. No additional privileges or network access are needed. With no EPSS data available, the exploitation likelihood is undetermined, but the denial of service nature means internal availability is at risk.

Generated by OpenCVE AI on June 2, 2026 at 01:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security patch from Google.
  • Reboot the device to clear any lingering exhausted resources if a denial of service has already occurred.
  • Identify and uninstall any third‑party applications or services that repeatedly invoke the vulnerable UBSan functions, if such a trigger can be isolated.
  • Monitor system memory and CPU usage for abnormal spikes as an early warning of resource exhaustion.

Generated by OpenCVE AI on June 2, 2026 at 01:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Resource Exhaustion Leading to Local Denial of Service in Android UBSan Functions

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Resource Exhaustion Leading to Local Denial of Service in Android UBSan Functions
Weaknesses CWE-400

Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:37:00.435Z

Reserved: 2025-10-15T15:39:31.671Z

Link: CVE-2026-0042

cve-icon Vulnrichment

Updated: 2026-06-01T23:36:50.986Z

cve-icon NVD

Status : Received

Published: 2026-06-01T22:16:19.907

Modified: 2026-06-02T00:16:34.000

Link: CVE-2026-0042

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T02:00:14Z

Weaknesses