Impact
The vulnerability is an out‑of‑bounds read in the Android modem firmware caused by a missing bounds check. This flaw can be triggered remotely and results in a denial of service by crashing or destabilizing the modem component. It does not provide any privilege escalation or code execution pathways. The weakness is represented by CWE‑120 and CWE‑125, indicating a classic buffer overread scenario.
Affected Systems
The affected product is Android devices provided by Google. Specific affected versions are not listed in the data, so all Android devices running the vulnerable modem firmware are potentially impacted until the patch is applied.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate severity. The EPSS score of less than 1% suggests that exploitation in the wild is unlikely at this time. The vulnerability is not included in the CISA KEV catalog. Attackers could exploit the flaw from a remote connection to the device, requiring no local user interaction or elevated privileges. The lack of a user interaction requirement raises the risk of automated exploitation from outside the device, though the low EPSS score mitigates immediate concern.
OpenCVE Enrichment