Google Android vulnerabilities

CVE-2025-32322 [HIGH] CWE-20 CVE-2025-32322: In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32350 [HIGH] CWE-1021 CVE-2025-32350: In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsS In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32325 [HIGH] CWE-122 CVE-2025-32325: In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32323 [HIGH] CWE-20 CVE-2025-32323: In getCallingAppName of Shared.java, there is a possible way to trick users into granting file acces In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48552 [HIGH] CVE-2025-48552: In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49714 [HIGH] CWE-122 CVE-2024-49714: In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer over In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26455 [HIGH] CWE-122 CVE-2025-26455: In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap bu In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32331 [HIGH] CWE-693 CVE-2025-32331: In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning du In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32349 [HIGH] CWE-1021 CVE-2025-32349: In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36905 [HIGH] CWE-693 CVE-2025-36905: In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic erro In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48541 [HIGH] CWE-20 CVE-2025-48541: In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user pro In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32346 [HIGH] CWE-441 CVE-2025-32346: In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact numb In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48537 [HIGH] CWE-20 CVE-2025-48537: In multiple locations, there is a possible way to persistently DoS the device due to improper input In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26464 [HIGH] CWE-693 CVE-2025-26464: In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launc In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36887 [HIGH] CWE-787 CVE-2025-36887: In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds writ In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26444 [HIGH] CWE-693 CVE-2025-26444: In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the sys In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted

CVE-2025-26450 [HIGH] CWE-862 CVE-2025-26450: In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48531 [HIGH] CWE-693 CVE-2025-48531: In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36903 [HIGH] CWE-787 CVE-2025-36903: In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This c In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36906 [HIGH] CWE-122 CVE-2025-36906: In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.