PUB-A-449725859

See a problem?

Import Source

https://storage.googleapis.com/android-osv/PUB-A-449725859.json

JSON Data

https://api.osv.dev/v1/vulns/PUB-A-449725859

Aliases

A-449725859
CVE-2026-0154

Published

2026-06-01T00:00:00Z

Modified

2026-06-22T15:18:41.032815418Z

Summary

[none]

Details

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2026-06-01

Affected packages

Android / :unknown:

Package

Name: :unknown:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2026-06-05

Affected versions

Other

Device specific

Ecosystem specific

{
    "types": [
        "RCE"
    ],
    "severity": "Critical",
    "spl": "2026-06-05"
}

Database specific

source

"https://storage.googleapis.com/android-osv/PUB-A-449725859.json"