CVE-2026-0043

Vulnerability

Multiple functions within ubsan_throwing_runtime.cpp are affected by an integer overflow vulnerability. This flaw can lead to a persistent denial of service condition. The vulnerability is present in Android versions prior to the June 2026 security bulletin. [1]

Exploitation

An attacker can exploit this vulnerability without user interaction. The vulnerability is described as leading to local privilege escalation, implying that an attacker with local access or a compromised process could trigger the overflow. No additional execution privileges are needed beyond what the attacker already possesses. [1]

Impact

Successful exploitation of this vulnerability can result in a persistent denial of service, making the affected system or application unavailable. Additionally, it allows for local privilege escalation, enabling an attacker to gain higher privileges on the system without needing further execution permissions. [1]

Mitigation

This vulnerability is addressed in Android versions included in the June 2026 security bulletin. Users should update their Android devices to the latest available version. Specific patch release dates are not detailed in the provided references, and no workarounds are mentioned. [1]