Description
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Android, several functions in the ubsan_throwing_runtime.cpp module perform unchecked arithmetic that can overflow, causing the operating system to crash. The vulnerability does not require any special privileges or user interaction; an attacker can trigger the overflow remotely, resulting in a denial of service to any affected device.

Affected Systems

The flaw exists in the Android operating system within the ubsan_throwing_runtime.cpp code base. The vendor, Google, does not list affected version ranges in this advisory, so any Android build that contains the unpatched runtime functions could be impacted.

Risk and Exploitability

The attack vector is remote and automated, with no user interaction needed, meaning an attacker could deliver a crafted payload to an Android device to induce the crash. The CVSS score is 6.5 and the EPSS score is not available; the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation. However, the inherent impact of a complete system crash is significant and should be treated with high priority.

Generated by OpenCVE AI on June 2, 2026 at 01:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android operating system version that contains the fixed ubsan_throwing_runtime.cpp code.
  • Enable automatic system updates so the fix is applied as soon as it becomes available.
  • If the patch is not yet released, monitor device logs for crashes related to ubsan_throwing_runtime and avoid installing applications that manipulate low-level runtime inputs.

Generated by OpenCVE AI on June 2, 2026 at 01:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android Runtime Causing Remote Denial of Service

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android Runtime Causing Remote Denial of Service
Weaknesses CWE-190

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:39:39.072Z

Reserved: 2025-10-15T15:39:34.616Z

Link: CVE-2026-0044

cve-icon Vulnrichment

Updated: 2026-06-01T23:29:59.196Z

cve-icon NVD

Status : Received

Published: 2026-06-01T22:16:20.100

Modified: 2026-06-02T00:16:34.277

Link: CVE-2026-0044

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T02:00:14Z

Weaknesses