Google Android vulnerabilities
9,713 known vulnerabilities affecting google/android.
Total CVEs: 9,713
CISA KEV: 49 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown
CRITICAL: 883, HIGH: 5220, MEDIUM: 3343, LOW: 265, UNKNOWN: 2
Vulnerabilities
CVE-2025-20785 [MEDIUM] CVSS 6.7 | CWE-416 | v14.0, v15.0, +1 more | 2026-01-06
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.
nvd
CVE-2025-20786 [MEDIUM] CVSS 6.7 | CWE-415 | v14.0, v15.0, +1 more | 2026-01-06
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
nvd
CVE-2025-20782 [MEDIUM] CVSS 6.7 | CWE-787 | v14.0, v15.0, +1 more | 2026-01-06
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.
nvd
CVE-2025-36937 [CRITICAL] CVSS 9.8 | CWE-787 | Android kernel | 2025-12-11
In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36925 [HIGH] CVSS 7.8 | CWE-787 | Android kernel | 2025-12-11
In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36916 [HIGH] CVSS 7.0 | CWE-362 | Android kernel | 2025-12-11
In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36928 [HIGH] CVSS 7.8 | CWE-120 | Android kernel | 2025-12-11
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36934 [HIGH] CVSS 7.4 | CWE-362 | Android kernel | 2025-12-11
In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36930 [HIGH] CVSS 7.8 | CWE-120 | Android kernel | 2025-12-11
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36919 [HIGH] CVSS 7.8 | CWE-415 | Android kernel | 2025-12-11
In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36927 [HIGH] CVSS 7.8 | CWE-120 | Android kernel | 2025-12-11
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36936 [HIGH] CVSS 7.8 | CWE-190 | Android kernel | 2025-12-11
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36935 [HIGH] CVSS 7.8 | CWE-787 | Android kernel | 2025-12-11
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36923 [HIGH] CVSS 8.0 | CWE-122 | Android kernel | 2025-12-11
In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36931 [HIGH] CVSS 7.8 | CWE-120 | Android kernel | 2025-12-11
In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36932 [HIGH] CVSS 7.8 | CWE-20 | Android kernel | 2025-12-11
In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36918 [HIGH] CVSS 7.8 | CWE-125 | Android kernel | 2025-12-11
In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36924 [HIGH] CVSS 8.0 | CWE-120 | Android kernel | 2025-12-11
In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-36921 [MEDIUM] CVSS 5.5 | CWE-125 | Android kernel | 2025-12-11
In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
nvd
CVE-2025-36889 [MEDIUM] CVSS 5.5 | CWE-441 | Android kernel | 2025-12-11
In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd