Description
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow in multiple functions of ubsan_throwing_runtime.cpp can cause the Android runtime to crash. The flaw does not require elevated privileges or user interaction, making it exploitable from a remote context. When triggered, the crash results in a denial of service, interrupting the affected process or system without providing an attacker with any additional capabilities.

Affected Systems

The flaw was identified in the Android operating system within the ubsan module. No specific version numbers are listed, indicating that a range of Android releases that include the vulnerable ubsan implementations may be affected.

Risk and Exploitability

The vulnerability is remotely exploitable as it can be triggered without local access or user action. While an EPSS score is not available and the issue is not currently listed in CISA's KEV catalog, the potential for widespread disruption remains high. Existing mitigations rely on applying vendor-provided patches; until an update is deployed, the risk of denial of service to any affected device persists. The CVSS score of 6.5 indicates moderate severity, highlighting the likelihood of impact when the flaw is triggered.

Generated by OpenCVE AI on June 2, 2026 at 01:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch that addresses the ubsan_throwing_runtime.cpp overflow. 
  • If an immediate patch is unavailable, schedule the update for the next system maintenance window to limit exposure. 
  • Monitor device logs for recurring crash events and report any findings to Google for further analysis.

Generated by OpenCVE AI on June 2, 2026 at 01:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ubsan_throwing_runtime.cpp Leading to Remote Denial of Service

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow in ubsan_throwing_runtime.cpp Leading to Remote Denial of Service
First Time appeared Google
Google android
Weaknesses CWE-190
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T23:45:08.655Z

Reserved: 2025-10-15T15:42:12.974Z

Link: CVE-2026-0080

cve-icon Vulnrichment

Updated: 2026-06-01T23:45:00.998Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-01T22:16:22.137

Modified: 2026-06-02T13:04:00.123

Link: CVE-2026-0080

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T01:30:26Z

Weaknesses