Description
In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the getPreferredSize method of LauncherProcessImageListener.kt and can cause a denial of service by exhausting system resources. An attacker can trigger the failure without any additional privileges or user interaction, leading to local disruption of the device’s launcher functionality. Because the flaw involves uncontrolled resource allocation, the impact is confined to availability and can affect device responsiveness and user experience.

Affected Systems

Affected systems include Google Android devices. No specific product or version information is supplied, so the vulnerability could potentially affect any Android installation that includes the vulnerable launcher code.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity. Because the flaw does not require privilege escalation and can be triggered without user interaction, it remains a relatively high risk. The EPSS score is unavailable and the vulnerability is not listed in CISA KEV, indicating no confirmed exploitation reports yet. Nonetheless, the flaw can be exploited by locally executing a crafted image that forces the launcher to allocate excessive resources.

Generated by OpenCVE AI on June 2, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android security patch that includes a fix for the launcher resource handling.
  • Configure the system to restrict or throttle background image loading in the launcher, minimizing memory allocation.
  • Monitor the launcher’s memory and CPU usage and restart it if resource consumption deviates from normal thresholds.
  • Consider disabling or replacing third‑party launchers that may trigger the resource exhaustion.

Generated by OpenCVE AI on June 2, 2026 at 03:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
Title Resource Exhaustion in Android Launcher Causes Local Denial of Service

Tue, 02 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Resource Exhaustion in Android Launcher Listener
Weaknesses CWE-399

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Denial of Service via Resource Exhaustion in Android Launcher Listener
Weaknesses CWE-399

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:19:10.327Z

Reserved: 2025-10-15T15:41:00.334Z

Link: CVE-2026-0074

cve-icon Vulnrichment

Updated: 2026-06-01T23:19:00.083Z

cve-icon NVD

Status : Received

Published: 2026-06-01T22:16:21.560

Modified: 2026-06-02T00:16:35.670

Link: CVE-2026-0074

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T04:00:13Z

Weaknesses