CVE-2026-0128

Vulnerability

In RtcpFbPacket::decodeRtcpFbPacket, an integer overflow can occur, leading to an out-of-bounds read. This affects Pixel devices. The vulnerable code path is reachable when processing a crafted RTCP feedback packet. No additional execution privileges are needed. Affected versions include Pixel devices prior to the 2026-06-05 security patch level [1].

Exploitation

An attacker can exploit this remotely by sending a specially crafted RTCP feedback packet. User interaction is required, such as receiving a malicious packet during a communication session. No authentication or additional privileges are needed. The exploit does not require any special network position beyond ability to send packets to the target device.

Impact

Successful exploitation results in remote information disclosure via an out-of-bounds read, potentially leaking sensitive data from memory. The attacker gains no code execution or privilege escalation.

Mitigation

Google addressed this issue in the Pixel Update Bulletin—June 2026. Devices with security patch level 2026-06-05 or later are protected. Users should update to the latest security patch via OTA updates [1].