CVE-2026-0074

Vulnerability

A denial of service vulnerability exists in the getPreferredSize method of LauncherProcessImageListener.kt within Android. This issue could lead to resource exhaustion, potentially impacting the system's stability. The vulnerability affects Android versions covered by the June 2026 security bulletin [1].

Exploitation

Exploitation of this vulnerability does not require user interaction and can be performed by a local attacker. The attacker needs to trigger the vulnerable code path, which could lead to resource exhaustion on the affected device. No additional execution privileges are needed beyond local access [1].

Impact

Successful exploitation of this vulnerability can result in a local denial of service. This means the attacker can cause the affected Android device to become unresponsive or unstable by exhausting its resources. The vulnerability does not grant any additional execution privileges beyond what is already available locally [1].

Mitigation

This vulnerability is addressed in the June 2026 Android Security Bulletin [1]. Users should ensure their devices are updated to receive the security patch. Specific patch versions and release dates are detailed in the bulletin. No workarounds are mentioned in the available references, and the EOL status or KEV listing for this specific vulnerability is not yet disclosed [1].