Impact
A heap buffer overflow in the Android modem component can cause an out‑of‑bounds write that allows an attacker to execute arbitrary code on the device. The flaw is identified as a buffer overflow (CWE‑122). The attack does not require the victim to take any action, and no extra privileges are needed once the code runs.
Affected Systems
The vulnerability affects Android devices provided by Google. No specific version information is available in the data, so any device running an affected Android build that contains the unpatched modem code is at risk.
Risk and Exploitability
The CVSS score of 8.8 classifies the flaw as high severity. The EPSS score of <1% suggests that, at the time of analysis, the probability of exploitation is low, and it is not currently listed in the CISA KEV catalog. The likely attack vector involves malicious network traffic that interacts with the modem; because user interaction is not required, automated exploits could target devices while they are connected to cellular or Wi-Fi networks.
OpenCVE Enrichment