An integer overflow vulnerability was found in Android libcu2ls that could be exploited to escalate privileges to the system_server permission level. The vulnerability allows a local application to leverage a heap overflow through improper input validation in a Binder call to corrupt memory and gain elevated privileges on the device. A proof-of-concept exploit was developed to demonstrate the issue.