Impact
A logic error in multiple functions of ubsan_throwing_runtime.cpp allows a permanent denial of service. Once triggered, the affected component stops functioning, effectively rendering the system unusable until a reboot or patch. The impact is a local denial of service; no elevated privileges are required, and the available data does not imply remote exploitation. The weakness can be categorized as a logic bug that leads to service unavailability.
Affected Systems
Google Android devices are impacted. The vulnerability appears in the Android operating system’s UBSan runtime component, but the specific version numbers are not documented in the available data. Users running affected Android releases that include the buggy UBSan code are at risk.
Risk and Exploitability
EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog at this time. Because the defect requires local execution and does not require special privileges, the risk largely depends on the density of the user base and whether the device can easily be physically accessed. With a CVSS score of 5.5, the vulnerability is categorized as medium severity, yet the permanent nature of the denial of service underscores a significant impact. The likely attack vector is local, and user interaction is not needed; the flaw can be triggered by normal device operation or by an application that uses the affected UBSan functions.