Google Android vulnerabilities
7,234 known vulnerabilities affecting google/android.
Total CVEs: 7,234
CISA KEV: 18 (actively exploited)
Public exploits: 52
Exploited in wild: 18
Severity breakdown: CRITICAL 544, HIGH 2984, MEDIUM 3458, LOW 248
Vulnerabilities
CVE-2023-35657 | MEDIUM | CVSS 4.0 | CWE-125 | v13.0, v14.0, +4 more | 2025-09-04
In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26424 | MEDIUM | CVSS 4.0 | CWE-284 | v15.0, v15 | 2025-09-04
In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26423 | MEDIUM | CVSS 6.2 | CWE-400 | v13.0, v14.0, +4 more | 2025-09-04
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26420 | MEDIUM | CVSS 4.4 | CWE-281 | v13.0, v14.0, +2 more | 2025-09-04
In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26448 | MEDIUM | CVSS 5.5 | CWE-457 | v13.0, v14.0, +4 more | 2025-09-04
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26425 | MEDIUM | CVSS 4.0 | CWE-266 | v14.0, v15.0, +2 more | 2025-09-04
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional execution privileges needed. User interaction is not needed
cvelistv5, nvd
CVE-2024-49731 | MEDIUM | CVSS 4.0 | CWE-266 | v13.0, v13 | 2025-09-04
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
cvelistv5, nvd
CVE-2025-48529 | MEDIUM | CVSS 5.5 | CWE-441 | v13.0, v14.0, +6 more | 2025-09-04
In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26421 | MEDIUM | CVSS 4.0 | CWE-290 | v13.0, v14.0, +4 more | 2025-09-04
In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26432 | MEDIUM | CVSS 5.5 | CWE-130 | v15.0, v15 | 2025-09-04
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-48550 | MEDIUM | CVSS 5.5 | CWE-22 | v13.0, v14.0, +6 more | 2025-09-04
In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26426 | MEDIUM | CVSS 5.1 | CWE-20 | v13.0, v14.0, +4 more | 2025-09-04
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-48542 | MEDIUM | CVSS 5.5 | CWE-400 | v13.0, v14.0, +6 more | 2025-09-04
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-48528 | MEDIUM | CVSS 4.0 | CWE-266 | v15.0, v16.0, +2 more | 2025-09-04
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-36902 | MEDIUM | CVSS 6.7 | CWE-122 | vAndroid kernel | 2025-09-04
In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-48526 | MEDIUM | CVSS 4.0 | CWE-266 | v13.0, v14.0, +6 more | 2025-09-04
In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-0077 | MEDIUM | CVSS 4.0 | CWE-1223 | v15.0, v15 | 2025-09-04
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26442 | MEDIUM | CVSS 5.5 | CWE-863 | v13.0, v14.0, +4 more | 2025-09-04
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-26422 | MEDIUM | CVSS 4.0 | CWE-279 | v15.0, v15 | 2025-09-04
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd
CVE-2025-36893 | MEDIUM | CVSS 5.5 | CWE-908 | vAndroid kernel | 2025-09-04
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5, nvd