PatchSiren cyber security CVE debrief
CVE-2026-0144 Google CVE debrief
A memory safety issue was found in the AocAudioCodec.cpp file, specifically in the writeAocCommand function. This issue is due to a missing bounds check, which could lead to a remote denial of service attack. The attack requires no additional execution privileges and does not need user interaction to be exploited.
- Vendor
- Product
- Android
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
This CVE affects Android users and administrators, as it could potentially be used to launch a denial-of-service attack.
Technical summary
The vulnerability is located in the writeAocCommand function of AocAudioCodec.cpp. A missing bounds check could allow an attacker to cause a memory safety issue, leading to a denial of service.
Defensive priority
High
Recommended defensive actions
- Apply the security patch as soon as possible to prevent exploitation.
- Ensure that the affected system or device is updated with the latest security patches.
Evidence notes
The CVE was published on June 16, 2026, and last modified on June 16, 2026. The vulnerability has been reported to be related to the Android operating system.
Official resources
-
CVE-2026-0144 CVE record
CVE.org
-
CVE-2026-0144 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0144 was published on 2026-06-16T20:16:25.170Z and last modified on 2026-06-16T20:42:25.013Z.