CVE-2025-36902Heap-based Buffer Overflow in Google Android

CWE-122Heap-based Buffer OverflowCWE-476NULL Pointer Dereference5 documents5 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 99.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedSep 4

Description

In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5google/androidAndroid kernel

🔴Vulnerability Details

3
CVEList
CVE-2025-36902: In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs2025-09-04
GHSA
GHSA-838j-6h48-w2c3: In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs2025-09-04
OSV
CVE-2025-36902: In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs2025-09-01

📋Vendor Advisories

1
Microsoft
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()2024-05-14
CVE-2025-36902 — Heap-based Buffer Overflow in Google | cvebase