A vulnerability in the graphics driver update routine of Android can cause a persistent denial of service. The bug arises during the execution of the updateState method in GraphicsDriverEnableAngleAsSystemDriverController.java, and it can maintain the device in a non‑responsive state. The issue does not require elevated privileges or user interaction, meaning that any local user could trigger the denial of service simply by exercising the graphics subsystem, potentially rendering the device unusable until reboot or device wipe.

This flaw affects Google Android devices. No specific product version or build information is provided, so the flaw could be present in any Android release that includes the affected graphics driver code. Administrators should treat all current Android devices as potentially vulnerable until the vendor releases a patch or update that addresses the flaw.

The CVSS score of 5.5 and an unavailable EPSS score indicate that public exploitation data is not yet known. The flaw is listed as not being part of the CISA KEV catalog. Because local access is sufficient and no special execution privileges are required, the risk is primarily to device availability rather than confidentiality or integrity. Exploitability relies on a local user triggering a graphics operation that enters the vulnerable state, so mitigating the impact hinges on applying the vendor’s fix or rebooting the device if it becomes unresponsive.