Description
In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the verifySignature method of ApkChecksums.java, a resource exhaustion condition can be triggered, causing the system to crash. The vulnerability does not require elevated privileges and can be exploited locally without user interaction. The resulting crash leads to a denial-of-service condition for the device, affecting application availability and potentially halting system services.

Affected Systems

The flaw is present in Google Android devices. Exact version information is not provided in the advisory, but the issue is documented in the Android Security Bulletin for June 2026, indicating that devices running the affected Android build and not yet upgraded will be vulnerable. All affected Android platforms that have not applied the latest security patch may be impacted.

Risk and Exploitability

The exploitation scenario does not involve remote code execution or network interaction; an attacker must have local access or be able to influence the execution of a package that invokes verifySignature. The CVSS score of 5.5 indicates medium severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not currently in widespread use by attackers. Nonetheless, a local denial of service can severely disrupt device operation, making it a high-priority issue for environments where stability is critical.

Generated by OpenCVE AI on June 2, 2026 at 02:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch as published in the 2026‑06‑01 bulletin once it becomes available.
  • Avoid installing applications from unknown or untrusted sources until a patch is installed.
  • Monitor device stability and restarts; if crashes persist after update, report the issue to the vendor for further investigation.



Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Resource Exhaustion Crash in Android ApkChecksums Verification |

Tue, 02 Jun 2026 00:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'} |
| | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 01 Jun 2026 23:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Google; Google android |
| Vendors & Products | | Google; Google android |

Mon, 01 Jun 2026 23:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Resource Exhaustion Crash in Android ApkChecksums Verification |
| Weaknesses | | CWE-400 |

Mon, 01 Jun 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
References

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:21:12.503Z

Reserved: 2025-10-15T15:40:51.960Z

Link: CVE-2026-0069

Vulnrichment

Updated: 2026-06-01T23:21:03.061Z

NVD

Status: Received

Published: 2026-06-01T22:16:21.363

Modified: 2026-06-02T00:16:35.383

Link: CVE-2026-0069

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T02:30:16Z

Weaknesses