CVE-2025-20722Integer Overflow or Wraparound in Google Android

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 99.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google AndroidOpenwrtRdkcentral Rdk-b
Timeline
PublishedOct 14

Description

In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDgoogle/android14.0, 15.0+1
NVDopenwrt/openwrt21.02.0, 23.05+1
NVDrdkcentral/rdk-b2024q1

🔴Vulnerability Details

2
CVEList
CVE-2025-20722: In gnss driver, there is a possible out of bounds read due to an integer overflow2025-10-14
GHSA
GHSA-xr7x-cgg3-q7vw: In gnss driver, there is a possible out of bounds read due to an integer overflow2025-10-14
CVE-2025-20722 — Integer Overflow or Wraparound | cvebase