Impact
The vulnerability is an out‑of‑bounds write caused by a missing bounds check in the WC‑Radio component of Google Android. The flaw can be triggered without requiring any user interaction and enables an attacker to execute arbitrary code on the device with the same privilege level as the running radio process. As a result, confidentiality could be compromised, the device may be taken over, and additional attacks could be launched from the compromised device.
Affected Systems
The affected systems are Google Android devices that include the WC‑Radio component. Specific product and version details are not listed, so any Android device that incorporates the vulnerable WC‑Radio implementation could be impacted.
Risk and Exploitability
The CVSS score of 8.8 indicates a high severity risk. The EPSS score is less than 1 %, indicating a very low overall probability of exploitation reported in the available data, but the vulnerability is not listed in the CISA KEV catalog. The flaw enables remote code execution, a high‑severity outcome. No special privileges or user interaction are necessary, implying that an attacker could launch the exploit from a remote context, potentially via a network or wireless interface. Because the exploitation requires only a missing bounds check, any device connected to a network that can manipulate radio traffic could be targeted, making it a threat to devices with exposed radio interfaces.
OpenCVE Enrichment