VYPR
High severity · 8.0 · NVD Advisory · Published Jun 1, 2026 · Updated Jun 1, 2026

CVE-2026-0095

Description

Integer overflow in l2c_fcr_clone_buf leads to heap corruption and privilege escalation in the Bluetooth process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An integer overflow exists in the l2c_fcr_clone_buf function in l2c_fcr.cc. The flaw allows controlled heap corruption within the privileged Bluetooth process. The affected Android versions are those covered by the June 2026 security bulletin [1].

Exploitation

Exploitation of this vulnerability does not require user interaction and can be performed by a local attacker. The attacker needs to trigger the vulnerable code path within the Bluetooth process, which could be achieved by sending specially crafted Bluetooth packets or interacting with the Bluetooth stack in a specific manner.

Impact

Successful exploitation of this vulnerability can lead to local privilege escalation within the affected Android device. The attacker gains elevated privileges within the privileged Bluetooth process, potentially allowing them to access sensitive data or execute arbitrary code with the privileges of that process.

Mitigation

This vulnerability is addressed by the June 2026 security bulletin [1] for the affected Android versions. Users should ensure their devices are updated to receive these security patches. No specific workarounds are mentioned in the available references.

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
