Description
In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Published: 2026-06-16
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the RTP packet decoder within the Android OS, an integer overflow can cause an out‑of‑bounds memory read. This flaw is a classic buffer read issue (CWE‑125) that can be abused to obtain read capabilities with local user context (CWE‑190). The vulnerability does not provide arbitrary code execution; instead, it allows a malicious process to elevate its privileges to match the highest available group on the device. No additional privileges are required, and the exploit does not involve remote components. The formal description specifies that user interaction is necessary to trigger the overflow, implying that an attacker must persuade a victim to run a crafted packet or application.

Affected Systems

Google Android devices are the affected platform. The CVE entry does not list specific Android releases or product sub‑models. Consequently, any Android system that incorporates the vulnerable RTP packet decoder component may be impacted. Updates that include remedial code in the decoder are expected to mitigate the issue.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity in terms of confidentiality, integrity, and availability impact. The EPSS score of less than 1% suggests that, as of the latest statistical analysis, the probability of exploitation is very low. The vulnerability is not in the CISA Known Exploited Vulnerabilities list (KEV), meaning no publicly documented exploit campaigns are currently highlighted. The attack path lies within the local device context and requires the victim to interact with a maliciously crafted RTP packet, typically delivered via voice or video streaming services or applications that use RTP. If such user interaction occurs, the integer overflow can be triggered, leading to local privilege escalation without further exploitation steps.

Generated by OpenCVE AI on June 17, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Android to the latest release that includes the fix for CVE‑2026‑0131
  • If an update is unavailable, restrict or disable RTP‑based functions such as VoLTE or any application that processes RTP streams to lower the attack surface
  • Continuously monitor device for anomalous RTP traffic or known exploit signatures, and maintain strong application‑level security controls

Generated by OpenCVE AI on June 17, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title RTP Packet Decoding Integer Overflow in Android Enables Local Privilege Escalation

Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-190
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T03:56:25.619Z

Reserved: 2025-10-23T08:43:33.389Z

Link: CVE-2026-0131

cve-icon Vulnrichment

Updated: 2026-06-16T20:45:17.218Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:23.990

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0131

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T18:15:10Z

Weaknesses