Impact
A logic error in multiple functions of ubsan_throwing_runtime.cpp allows a permanent denial of service. Once triggered, the affected component stops functioning, effectively rendering the system unusable until a reboot or patch. The impact is a local denial of service; no elevated privileges are required and no remote exploitation is implied by the available data. The weakness can be categorized as a logic bug that leads to service unavailability.
Affected Systems
Google Android devices running any of the following releases are affected: Android 14.0, Android 15.0, Android 16.0, and Android 16.0:qpr2. The flaw resides in the UBSan runtime component of the operating system. Devices with these specific OS versions that include the buggy UBSan code are susceptible to the denial of service.
Risk and Exploitability
The EPSS score indicates a very low exploitation probability (<1%), and the vulnerability is not listed in the CISA KEV catalog at this time. Because the defect requires local execution and does not require special privileges, the risk largely depends on the density of the user base and whether the device can be easily physically accessed. With a CVSS score of 5.5, the vulnerability is categorized as medium severity, yet the permanent nature of the denial of service underscores a significant impact. The likely attack vector is local, and user interaction is not needed; the flaw can be triggered by normal device operation or by an application that uses the affected UBSan functions.