Description
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In several functions of ubsan_throwing_runtime.cpp, an integer overflow can cause a crash, allowing an attacker to remotely disrupt service on the device. The flaw requires no additional privileges and does not depend on user interaction. When triggered, the crash can make the affected application or system component unavailable, resulting in a denial of service.

Affected Systems

The vulnerability applies to Google Android devices. Specific affected Android release versions are not provided in the available data, so any device that includes the affected runtime components may be vulnerable.

Risk and Exploitability

The EPSS score is not available and the issue is not listed in the CISA KEV catalog, so current exploitation statistics are unknown. The CVSS score is 6.5, indicating a moderate risk. Nevertheless, because the flaw can be triggered remotely and does not require user interaction or elevated privileges, the exploitation risk is considered high until a security patch is deployed.

Generated by OpenCVE AI on June 2, 2026 at 01:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch released by Google that addresses integer overflow issues in the runtime.
  • Ensure the device is updated to the most recent supported Android release that includes the patched runtime.
  • Temporarily disable or limit the use of applications that may invoke ubsan_throwing_runtime.cpp until the patch is installed, and monitor for service crashes.

Generated by OpenCVE AI on June 2, 2026 at 01:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Tue, 02 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ubsan_throwing_runtime.cpp Causes Remote Denial of Service

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ubsan_throwing_runtime.cpp Causes Remote Denial of Service
Weaknesses CWE-190

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:40:23.214Z

Reserved: 2025-10-15T15:39:47.382Z

Link: CVE-2026-0052

cve-icon Vulnrichment

Updated: 2026-06-01T23:27:02.785Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T22:16:20.690

Modified: 2026-06-02T18:47:33.677

Link: CVE-2026-0052

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T01:30:26Z

Weaknesses