CVE-2026-0164
Description
A missing bounds check in Modem allows remote code execution without user interaction or additional privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing bounds check in Modem allows remote code execution without user interaction or additional privileges.
Vulnerability
In the Modem component of Pixel devices, an out-of-bounds write vulnerability exists due to a missing bounds check. This affects devices running security patch levels prior to 2026-06-05. The exact affected Android versions are not specified, but the vulnerability is present in supported Pixel devices as per the June 2026 Pixel Update Bulletin [1].
Exploitation
An attacker can exploit this vulnerability remotely without any user interaction or additional execution privileges. The attacker needs to send a crafted message to the modem to trigger the out-of-bounds write, leading to memory corruption.
Impact
Successful exploitation results in remote code execution (RCE) within the modem context. The attacker can execute arbitrary code with the privileges of the modem, potentially compromising device functionality and data.
Mitigation
The fix is included in the June 2026 Pixel Update Bulletin, with security patch level 2026-06-05 [1]. Users should update their devices to this patch level to mitigate the vulnerability. No workaround is available.
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.