Description
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the modem component, where an attacker can send a crafted SIP REFER request that triggers memory corruption, causing the modem to crash. This crash can be exploited to execute arbitrary code on the device with the same privileges as the running process, without requiring any privilege escalation. The weakness is a buffer overflow (CWE-120).

Affected Systems

All Google Android devices that include a modem capable of processing SIP REFER requests are affected. No specific Android OS versions are listed in the CNA data; therefore any device that supports SIP on the modem is potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates a high-impact vulnerability, while the EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote attack that exploits the SIP REFER protocol without any user interaction. An attacker can send a malicious SIP REFER packet over the network to the device, causing the modem to crash and enabling remote code execution. Due to the lack of user interaction and the high severity, any impact assessment should assume that an attacker capable of sending SIP traffic can compromise the device.

Generated by OpenCVE AI on June 17, 2026 at 18:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch that includes the modem firmware fix as detailed in the Google security bulletin
  • Disallow or restrict the use of the SIP REFER method on the device, for example by configuring the firewall or disabling SIP functionality when it is not needed
  • Monitor the device for repeated modem crash events or anomalous behavior in system logs, and investigate any suspicious activity promptly



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Google; Google android |
| Vendors & Products | | Google; Google android |

Tue, 16 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| Weaknesses | | CWE-120 |
| Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |
| | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 16 Jun 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| Description | | In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. |
References

MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T03:56:10.176Z

Reserved: 2025-10-23T08:44:05.072Z

Link: CVE-2026-0154

Vulnrichment

Updated: 2026-06-16T19:56:09.786Z

NVD

Status: Awaiting Analysis

Published: 2026-06-16T20:16:26.063

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0154

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T20:45:02Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')