Description
In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the graphics driver update routine of Android causes a persistent denial of service. The bug resides in the updateState method of GraphicsDriverEnableAngleAsSystemDriverController.java and can force the device into a non‑responsive state. The vulnerability requires no additional privileges or user interaction, allowing any local user to trigger the condition simply by exercising the graphics subsystem, which can render the device unusable until a reboot or data wipe.

Affected Systems

The issue affects Google Android operating systems. Affected versions include Android 14.0, Android 15.0, Android 16.0, and the 16.0 qpr2 pre‑release build. No further subversion details are provided, so all devices running these releases with the implicated graphics driver code are potentially impacted.

Risk and Exploitability

The CVSS score of 5.5 and an EPSS below 1% indicate that public exploitation data is not yet demonstrated, and the vulnerability is not listed in CISA's KEV catalog. However, because local access is sufficient and no elevated privileges are required, the risk is limited to device availability. Exploitation would involve a local user triggering a graphics operation that activates the vulnerable state, so mitigation focuses on applying the vendor’s fix or rebooting the device when it becomes unresponsive.

Generated by OpenCVE AI on June 3, 2026 at 04:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest official Android update that remediates the denial‑of condition in the graphics driver.
  • Until the patch is available, mitigate risk by limiting or disabling graphics operations that trigger the vulnerable driver.
  • Monitor device logs for signs of driver hangs and apply any vendor‑issued workarounds that specifically address the flaw when they become available.

Generated by OpenCVE AI on June 3, 2026 at 04:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:google:android:16.0:qpr2:*:*:*:*:*:* cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Wed, 03 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Title Android Graphics Driver Update Denial of Service
Weaknesses CWE-399

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title Persistent Local Denial of Service via Graphics Driver Update in Android
Weaknesses CWE-739

Tue, 02 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2:*:*:*:*:*:*

Tue, 02 Jun 2026 03:45:00 +0000

Type Values Removed Values Added
Title Persistent Local Denial of Service via Graphics Driver Update in Android
Weaknesses CWE-739

Tue, 02 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Persistent Denial of Service in Android Graphics Driver Update State
Weaknesses CWE-703
CWE-770

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Persistent Denial of Service in Android Graphics Driver Update State
Weaknesses CWE-703
CWE-770

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In updateState of GraphicsDriverEnableAngleAsSystemDriverController.java, there is a possible persistent dos issue due to an unusual root cause. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:46:02.515Z

Reserved: 2025-10-15T15:40:38.124Z

Link: CVE-2026-0060

cve-icon Vulnrichment

Updated: 2026-06-01T23:45:58.840Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T22:16:21.063

Modified: 2026-06-03T13:46:09.867

Link: CVE-2026-0060

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T04:15:24Z

Weaknesses