CVE-2025-36924Classic Buffer Overflow in Google Android

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds WriteCWE-667Improper Locking5 documents5 sources
Severity
8.0HIGHNVD
EPSS
0.0%
top 97.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedDec 11

Description

In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

CVEListV5google/androidAndroid kernel

🔴Vulnerability Details

3
CVEList
CVE-2025-36924: In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement2025-12-11
GHSA
GHSA-g22h-2f38-x58q: In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement2025-12-11
OSV
CVE-2025-36924: In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement2025-12-01

📋Vendor Advisories

1
Microsoft
scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()2024-05-14
CVE-2025-36924 — Classic Buffer Overflow in Google | cvebase