Unrated severity · NVD Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

CVE-2026-0149

Description

A heap buffer overflow in RtpSession::rtpSendRtcpPacket allows remote code execution on Pixel devices without user interaction.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A heap buffer overflow vulnerability exists in the RtpSession::rtpSendRtcpPacket function, leading to an out-of-bounds write. The issue arises due to insufficient bounds checking when constructing RTCP packets. This affects Pixel devices running Android versions prior to the June 2026 security patch level (2026-06-05) [1].

Exploitation

Exploitation is performed remotely and requires no additional privileges or user interaction. An attacker can send a specially crafted network packet to the device's RTP session handler, triggering the OOB write in rtpSendRtcpPacket [1].

Impact

Successful exploitation results in remote code execution within the context of the RTP service, potentially allowing full device compromise. The attacker gains arbitrary code execution without any user action, posing a critical risk to confidentiality, integrity, and availability [1].

Mitigation

The vulnerability is fixed in the June 2026 Pixel Update Bulletin with the security patch level 2026-06-05. Users are strongly encouraged to apply the update to their Pixel devices. No workarounds are available other than installing the patch [1].

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
