CVE-2025-26448 — Use of Uninitialized Variable

Vendor	Product	Version range	Fixed in
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
google	android	—	—
platform	frameworks_base	>= 13:0 < 13:2025-06-01	13:2025-06-01
platform	frameworks_base	>= 14:0 < 14:2025-06-01	14:2025-06-01
platform	frameworks_base	>= 15:0 < 15:2025-06-01	15:2025-06-01
platform	frameworks_base	>= 16-next:0 < 16-next:2025-06-01	16-next:2025-06-01

GHSA

GHSA-rc6h-67x7-j653: In writeToParcel of CursorWindow

ghsa_unreviewed·2025-09-05

CVE-2025-26448 [MEDIUM] CWE-457 GHSA-rc6h-67x7-j653: In writeToParcel of CursorWindow In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

OSV

CVE-2025-26448: In writeToParcel of CursorWindow

osv·2025-06-01

CVE-2025-26448 CVE-2025-26448: In writeToParcel of CursorWindow In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Android

CVE-2025-26448: Android Security Bulletin 2025-06-01 CVE: CVE-2025-26448 Severity: HIGH Type: ID Affected AOSP versions: 13, 14, 15 References: A-309407957

vendor_android·2025-06-01·CVSS 5.5

CVE-2025-26448 [MEDIUM] CVE-2025-26448: Android Security Bulletin 2025-06-01 CVE: CVE-2025-26448 Severity: HIGH Type: ID Affected AOSP versions: 13, 14, 15 References: A-309407957 Android Security Bulletin 2025-06-01 CVE: CVE-2025-26448 Severity: HIGH Type: ID Affected AOSP versions: 13, 14, 15 References: A-309407957

CVE-2025-26448: In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no…

Affected