Description
In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-17
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local denial of service arises from uncontrolled resource consumption in multiple areas of the Android operating system. The flaw can persistently drain system resources, causing the device to become unresponsive or restart without any additional execution privileges. Importantly, the vulnerability does not require user interaction; any malicious application or process can trigger the resource exhaustion silently, impacting availability for the affected device.

Affected Systems

The vulnerability affects Google Android systems. No specific version numbers are provided, so all Android releases may be susceptible until a patch is issued. The impact is local; remote exploitation is not supported as user interaction is not needed for exploitation.

Risk and Exploitability

The CVSS score of 10 indicates a critical local denial of service. The EPSS score of <1% shows that exploitation is currently very unlikely, yet the persistent resource exhaustion can still have severe operational impact. Because the flaw does not require user interaction, a malicious application or any locally running process capable of triggering the resource exhaustion can exploit the vulnerability. No remote‑access vector is involved, and the attack is confined to the device.

Generated by OpenCVE AI on June 17, 2026 at 18:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply all available Google Android security patches as published; check the Android security bulletin for updates.
  • Restrict or disable any features or applications that can trigger the resource exhaustion, using device settings or mobile device management policies.
  • Monitor device logs for repeated resource exhaustion events and schedule routine restarts or downtime to mitigate prolonged availability loss.

Generated by OpenCVE AI on June 17, 2026 at 18:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Wed, 17 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-17T14:01:08.760Z

Reserved: 2025-10-15T15:40:44.567Z

Link: CVE-2026-0064

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T08:30:04Z

Weaknesses

No weakness.