Description
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds read in the Android modem firmware caused by a missing bounds check. This flaw can be triggered remotely and results in a denial of service by crashing or destabilizing the modem component. It does not provide any privilege escalation or code execution pathways. The weakness is represented by CWE‑120 and CWE‑125, indicating a classic buffer overread scenario.

Affected Systems

The affected product is Android devices provided by Google. Specific affected versions are not listed in the data, so all Android devices running the vulnerable modem firmware are potentially impacted until the patch is applied.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity. The EPSS score of less than 1% suggests that exploitation in the wild is unlikely at this time. The vulnerability is not included in the CISA KEV catalog. Attackers could exploit the flaw from a remote connection to the device, requiring no local user interaction or elevated privileges. The lack of a user interaction requirement raises the risk of automated exploitation from outside the device, though the low EPSS score mitigates immediate concern.

Generated by OpenCVE AI on June 17, 2026 at 20:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security update that addresses the modem out‑of‑bounds read
  • Enable automatic firmware updates to keep the device current with future security patches
  • Monitor device logs for unexplained modem crashes that may indicate exploitation attempts

Generated by OpenCVE AI on June 17, 2026 at 20:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Modem Out-of-Bounds Read Leading to Remote Denial of Service on Android Devices

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CWE-125
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-16T20:36:48.026Z

Reserved: 2025-10-23T08:43:40.068Z

Link: CVE-2026-0136

cve-icon Vulnrichment

Updated: 2026-06-16T20:18:03.850Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:24.440

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0136

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T20:45:03Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-125

    Out-of-bounds Read