Google Android vulnerabilities

CVE-2025-48623 [HIGH] CWE-787 CVE-2025-48623: In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input valid In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48615 [HIGH] CWE-770 CVE-2025-48615: In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48612 [HIGH] CWE-20 CVE-2025-48612: In multiple locations, there is a possible way for an application on a work profile to set the main In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48632 [HIGH] CWE-20 CVE-2025-48632: In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to p In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48592 [HIGH] CWE-125 CVE-2025-48592: In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer ov In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32329 [HIGH] CVE-2025-32329: In multiple functions of Session.java, there is a possible way to view images belonging to a differe In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48628 [HIGH] CWE-441 CVE-2025-48628: In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak d In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48629 [HIGH] CWE-1188 CVE-2025-48629: In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48580 [HIGH] CVE-2025-48580: In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission w In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48597 [HIGH] CWE-1021 CVE-2025-48597: In multiple locations, there is a possible way to trick a user into accepting a permission due to a In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48620 [HIGH] CVE-2025-48620: In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48573 [HIGH] CWE-250 CVE-2025-48573: In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48588 [HIGH] CVE-2025-48588: In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic err In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48564 [HIGH] CWE-362 CVE-2025-48564: In multiple locations, there is a possible intent filter bypass due to a race condition. This could In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48594 [HIGH] CWE-20 CVE-2025-48594: In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion appl In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-48525 [HIGH] CWE-20 CVE-2025-48525: In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue read In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48608 [MEDIUM] CWE-862 CVE-2025-48608: In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a miss In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32319 [MEDIUM] CWE-862 CVE-2025-32319: In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep fore In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48633 [MEDIUM] CVE-2025-48633: In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48610 [MEDIUM] CVE-2025-48610: In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.