CVE-2026-0059
Description
A heap buffer overflow in sdp_discovery.cc allows for remote code execution with no additional privileges or user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Multiple functions within sdp_discovery.cc are affected by a heap buffer overflow vulnerability. The flaw is in the code that handles SDP discovery. Affected versions are not explicitly detailed in the available references, but the vulnerability is present in the Android platform.
Exploitation
An attacker can exploit this vulnerability remotely, potentially from an adjacent network, without requiring any user interaction or special privileges. The vulnerability is triggered by sending specially crafted SDP discovery packets that cause the buffer overflow.
Impact
Successful exploitation of this heap buffer overflow can lead to remote code execution on the affected device. The attacker gains the ability to execute arbitrary code with the same privileges as the vulnerable process, which could be significant depending on the context in which the sdp_discovery.cc code runs.
Mitigation
This vulnerability is addressed in the June 2026 Android Security Bulletin [1]. Specific patch versions and release dates are available in the official bulletin. Users are advised to update their Android devices to the latest available security patch level. No workarounds are disclosed in the available references.
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 1
News mentions: 0
No linked articles in our index yet.