CVE-2025-20765 — Race Condition in Google Android

CWE-362 — Race Condition CWE-415 — Double Free3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 99.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android Linuxfoundation Yocto Openwrt

Timeline

PublishedDec 2

Description

In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages3 packages

▶NVDgoogle/android14.0, 15.0, 16.0+2

▶NVDopenwrt/openwrt21.02.0, 23.05.0+1

▶NVDlinuxfoundation/yocto4.0

🔴Vulnerability Details

CVEList

CVE-2025-20765: In aee daemon, there is a possible system crash due to a race condition↗2025-12-02

▶

GHSA

GHSA-vg9c-mrp6-2mh9: In aee daemon, there is a possible system crash due to a race condition↗2025-12-02

▶