
CVE-2026-0064: Google Android DoS Vulnerability

CVE-2026-0064 is a persistent denial of service vulnerability in Google Android caused by resource exhaustion. Attackers can trigger local DoS without privileges. This article covers technical details, affected versions, and mitigations.

CVE-2026-0064 Overview

CVE-2026-0064 is a resource exhaustion vulnerability affecting Google Android 17.0. The flaw exists in multiple locations within the operating system and allows a persistent denial of service condition. Exploitation requires no user interaction and no additional execution privileges. The vulnerability is tracked under CWE-400: Uncontrolled Resource Consumption.

Google disclosed the issue through the Android Security Bulletin. The advisory notes local impact, while the CVSS vector indicates a network attack surface against affected components.

Critical Impact

Attackers can trigger persistent denial of service on Android 17.0 devices without user interaction, requiring device recovery or reset to restore functionality.

Affected Products

  • Google Android 17.0
  • Devices running the Android 17 platform release
  • Original equipment manufacturer builds based on Android 17.0

Discovery Timeline

  • 2026-06-17 - CVE-2026-0064 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-0064

Vulnerability Analysis

The vulnerability stems from uncontrolled resource consumption across multiple components in Android 17.0. Affected code paths fail to enforce bounds on resource allocation. An attacker can drive the device into a state where critical system resources become exhausted.

Because the denial of service is persistent, the degraded state is not cleared by normal operation and may require user intervention, such as a reboot or device reset, to recover. The flaw maps to CWE-400, which covers cases where a system does not properly restrict the size or amount of resources requested or influenced by an actor.

Exploitation does not require user interaction or elevated privileges. This expands the practical attack surface for unauthenticated adversaries targeting reachable Android components.

Root Cause

The root cause is missing or insufficient validation on resource allocation across several Android subsystems. The affected components accept inputs or operations that lead to unbounded consumption of memory, storage, or processing capacity. Google has not published per-component technical details beyond the Android Security Bulletin.

Attack Vector

The CVSS vector lists a network attack vector with low complexity and no privileges required. An attacker delivers crafted input to a vulnerable Android component, triggering resource exhaustion. The device enters a degraded or unresponsive state, producing a persistent denial of service condition that interrupts normal use.

No public proof-of-concept exploit is available. No exploitation in the wild has been confirmed, and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog. The current EPSS probability is 0.148%.

See the Android Security Bulletin for component-level technical details.

Detection Methods for CVE-2026-0064

Indicators of Compromise

  • Unexpected device unresponsiveness, repeated reboots, or services failing to start on Android 17.0 endpoints.
  • Sustained spikes in memory, CPU, or storage consumption tied to system components without a corresponding user workload.
  • Crash logs or tombstone entries referencing components highlighted in the Android Security Bulletin.

Detection Strategies

  • Collect Android system logs (logcat, dropbox, and bugreport) from managed devices and review for anomalous resource allocation patterns.
  • Use mobile device management (MDM) telemetry to flag devices reporting persistent service failures or boot loops after network exposure.
  • Correlate device patch level against the Android Security Bulletin and prioritize unpatched Android 17.0 builds for investigation.

Monitoring Recommendations

  • Track Android security patch level (SPL) compliance across the fleet and alert on devices missing the bulletin fix.
  • Monitor network egress and ingress to Android devices for repeated crafted traffic patterns that precede device unresponsiveness.
  • Enable centralized crash and diagnostic reporting through your enterprise mobility platform to identify clusters of impacted devices.
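The log review and crash clustering described in the detection and monitoring items above can be scripted. The following is an added example, not code from the page or from Google: it reads logcat output, counts tombstone (`F DEBUG`) and ANR (`E ActivityManager`) events per process, and flags processes that crash repeatedly. The log lines are constructed for illustration, and the crash threshold is an assumed tuning value.

```shell
#!/usr/bin/env sh
# Added example: per-process crash counting over logcat output.
# The sample lines below are constructed; their layout loosely follows the
# tombstone (DEBUG) and ANR (ActivityManager) messages Android emits.

# Processes with at least this many crash events are flagged (assumed tuning value).
CRASH_THRESHOLD="${CRASH_THRESHOLD:-3}"

# Constructed logcat sample, not captured from a real device.
sample_logcat() {
    cat <<'EOF'
06-17 10:01:02.100  1234  1234 F DEBUG   : pid: 2001, tid: 2001, name: system_server  >>> system_server <<<
06-17 10:01:09.300  1234  1234 F DEBUG   : pid: 2048, tid: 2048, name: system_server  >>> system_server <<<
06-17 10:01:15.800  1502  1502 E ActivityManager: ANR in com.example.mail
06-17 10:01:22.400  1234  1234 F DEBUG   : pid: 2100, tid: 2100, name: system_server  >>> system_server <<<
06-17 10:01:30.000  1234  1234 F DEBUG   : pid: 2150, tid: 2150, name: system_server  >>> system_server <<<
06-17 10:02:01.000  1502  1502 I ActivityManager: Start proc 2200:com.example.mail/u0a123
06-17 10:02:05.000  1234  1234 F DEBUG   : pid: 2210, tid: 2210, name: surfaceflinger  >>> /system/bin/surfaceflinger <<<
EOF
}

# Reads logcat on stdin; prints "<count> <process>" for every process with
# tombstone or ANR events, most frequent first.
crash_counts() {
    awk '
        / F DEBUG   : pid: / {
            # The tombstone header names the crashing binary between ">>>" and "<<<".
            if (match($0, />>> [^ ]+ <<</)) {
                proc = substr($0, RSTART + 4, RLENGTH - 8)
                n[proc]++
            }
        }
        / E ActivityManager: ANR in / { n[$NF]++ }   # last field is the package name
        END { for (p in n) printf "%d %s\n", n[p], p }
    ' | sort -rn
}

# Prints only the process names whose crash count meets the threshold.
flag_repeat_crashers() {
    crash_counts | awk -v t="$CRASH_THRESHOLD" '$1 >= t { print $2 }'
}

# Usage: adb logcat -d | flag_repeat_crashers
# Demonstration on the constructed sample:
sample_logcat | flag_repeat_crashers
```

Run the same pipeline across bugreports collected by your MDM to see whether the same component recurs on many unpatched devices, which is the cluster signal the monitoring recommendation above asks for.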

How to Mitigate CVE-2026-0064

Immediate Actions Required

  • Apply the Android 17 security patch referenced in the Android Security Bulletin as soon as the OEM build is available.
  • Inventory all Android 17.0 devices in the environment and confirm their current security patch level.
  • Enforce MDM policies that require devices to install the fixed build before accessing sensitive corporate resources.

Patch Information

Google addressed CVE-2026-0064 in the Android 17 security update. Device vendors integrate the fix into their respective OEM releases. Confirm the device security patch level matches or exceeds the date listed in the Android Security Bulletin.

Workarounds

  • Restrict exposure of Android 17.0 devices to untrusted networks until the patch is deployed.
  • Disable or limit access to non-essential network-facing services and applications on affected devices.
  • Use enterprise mobility management to quarantine non-compliant devices that have not received the fixed build.
```bash
# Verify Android security patch level via adb
adb shell getprop ro.build.version.security_patch
adb shell getprop ro.build.version.release
```
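The two `getprop` commands above check one device by hand. The fleet-wide compliance check recommended under Immediate Actions and Patch Information can be built on them; the script below is an added example, not code from the page or from Google. It assumes the bulletin's fix date is supplied in `REQUIRED_SPL` (the default here is a placeholder, since the page does not state the date) and that `ro.build.version.release` reports `17` on Android 17.0 devices.

```shell
#!/usr/bin/env sh
# Added example: report Android security patch level (SPL) compliance for every
# device visible to adb. REQUIRED_SPL is a PLACEHOLDER; use the date from the
# Android Security Bulletin that carries the CVE-2026-0064 fix.
REQUIRED_SPL="${REQUIRED_SPL:-2026-06-01}"

# Returns 0 when a device SPL (YYYY-MM-DD) is on or after the required date.
# Dashes are stripped so the dates compare as plain integers (YYYYMMDD).
spl_is_compliant() {
    device_spl="$1"
    required="$2"
    case "$device_spl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;   # malformed or empty value is never treated as compliant
    esac
    d=$(printf '%s' "$device_spl" | tr -d -)
    r=$(printf '%s' "$required" | tr -d -)
    [ "$d" -ge "$r" ]
}

# Prints one tab-separated report line for a device: serial, SPL/release, verdict.
report_device() {
    serial="$1"
    spl="$2"
    release="$3"
    if [ "$release" != "17" ]; then
        printf '%s\tAndroid %s\tnot-in-scope\n' "$serial" "$release"
    elif spl_is_compliant "$spl" "$REQUIRED_SPL"; then
        printf '%s\tSPL %s\tcompliant\n' "$serial" "$spl"
    else
        printf '%s\tSPL %s\tNEEDS PATCH\n' "$serial" "$spl"
    fi
}

# Queries every attached device (state "device", i.e. authorized) and reports it.
check_fleet() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
        release=$(adb -s "$serial" shell getprop ro.build.version.release | tr -d '\r')
        report_device "$serial" "$spl" "$release"
    done
}

# Usage: REQUIRED_SPL=<bulletin date> ./spl_check.sh
# Feed the output into your MDM or ticketing system to quarantine NEEDS PATCH devices.
[ "${1:-}" = "--run" ] && check_fleet
```

The carriage-return stripping matters in practice: `adb shell` output ends in `\r\n` on many hosts, and without `tr -d '\r'` the date pattern match would fail and every device would be reported as needing a patch.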

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
