Description
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Ubsan runtime, where an integer overflow can occur in several functions. This overflow can cause a persistent crash of the affected process, resulting in a denial of service. The failure is internal to the operating system and requires no additional privileges, producing only local denial of service.

Affected Systems

The affected product is Google Android. No specific OS versions or build identifiers are provided by the CNA data, so any Android builds containing the vulnerable UBSan runtime function may be impacted.

Risk and Exploitability

The vulnerability is classified as a local denial of service with no exploitation privileges needed. The CVSS score is 5.5, indicating moderate severity. The event is not listed in the CISA KEV catalog, and EPSS data is not available; therefore the current exploit probability is not defined. The denial of service is persistent, meaning it can affect the system until a reboot or patch is applied. The likely attack vector is local exploitation through normal use of the system, requiring no user interaction.

Generated by OpenCVE AI on June 2, 2026 at 01:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch from Google to fix the integer overflow in the UBSan runtime.
  • If an immediate patch is unavailable, isolate the affected component by disabling the relevant process or service if possible to prevent crashes.
  • Continuously monitor system logs for unexpected crashes or abnormal behavior linked to UBSan.

Generated by OpenCVE AI on June 2, 2026 at 01:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android UBSan Runtime Leading to Local Denial of Service

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow in Android UBSan Runtime Leading to Local Denial of Service
First Time appeared Google
Google android
Weaknesses CWE-190
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:19:52.384Z

Reserved: 2025-10-15T15:42:12.662Z

Link: CVE-2026-0079

cve-icon Vulnrichment

Updated: 2026-06-01T23:19:39.396Z

cve-icon NVD

Status : Received

Published: 2026-06-01T22:16:22.040

Modified: 2026-06-02T00:16:35.843

Link: CVE-2026-0079

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T02:00:14Z

Weaknesses