CVE-2025-36917Classic Buffer Overflow in Google Android

CWE-120Classic Buffer OverflowCWE-190Integer Overflow or Wraparound5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 58.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedDec 11

Description

In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5google/androidAndroid kernel

🔴Vulnerability Details

3
CVEList
CVE-2025-36917: In SwDcpItg of up_L2commonPdcpSecurity2025-12-11
GHSA
GHSA-m84x-jhq2-p8xx: In SwDcpItg of up_L2commonPdcpSecurity2025-12-11
OSV
CVE-2025-36917: In SwDcpItg of up_L2commonPdcpSecurity2025-12-01

📋Vendor Advisories

1
Microsoft
block: fix overflow in blk_ioctl_discard()2024-05-14
CVE-2025-36917 — Classic Buffer Overflow in Google | cvebase