Description
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is located in several functions within ubsan_throwing_runtime.cpp and arises from improper input validation. This weakness is a classic example of CWE-20 (Improper Input Validation). The flaw can cause the entire system to crash, resulting in a denial of service. No additional execution privileges are needed and user interaction is not required for exploitation, indicating the attack can be conducted remotely and anonymously.

Affected Systems

The affected platform is Google Android. No specific versions are listed in the provided data, so any Android release that includes the identified UBSan functions may be susceptible.

Risk and Exploitability

The CVSS score is 6.5, the EPSS value is unavailable, and the vulnerability is not listed in CISA's KEV catalog. Because the flaw allows a remote denial of service without privilege escalation or user interaction, it is likely to be simple to exploit once malicious input can be supplied. Although a CVSS score of 6.5 puts the severity at moderate, the operational impact of a system crash is significant.

Generated by OpenCVE AI on June 2, 2026 at 01:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch that contains the UBSan fix.
  • If device firmware cannot be updated, disable or replace the UBSan runtime with a verified, non‑vulnerable build to avoid exploitation.
  • Monitor device logs and crash reports for unexpected failures that may indicate exploitation attempts.



Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title UBSan Runtime Crash Enables Remote Denial of Service

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 02 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title UBSan Runtime Crash Enables Remote Denial of Service
Weaknesses CWE-20

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:40:02.448Z

Reserved: 2025-10-15T15:39:46.057Z

Link: CVE-2026-0051

Vulnrichment

Updated: 2026-06-01T23:27:44.045Z

NVD

Status: Received

Published: 2026-06-01T22:16:20.600

Modified: 2026-06-02T00:16:34.553

Link: CVE-2026-0051

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T02:00:14Z

Weaknesses