Google Android vulnerabilities

6,646 known vulnerabilities affecting google/android.

Total CVEs: 6,646
CISA KEV: 12 (actively exploited)
Public exploits: 45
Exploited in wild: 11
Severity breakdown: CRITICAL 465, HIGH 2777, MEDIUM 3158, LOW 246

Vulnerabilities

Page 2 of 333
CVE-2026-0121 | LOW | CVSS 2.9 | Android kernel | 2026-03-10
CWE-362: In VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0115 | LOW | CVSS 2.1 | Android kernel | 2026-03-10
CWE-1300: In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-61615 | HIGH | CVSS 7.5 | 13.0, 14.0 +2 more | 2026-03-09
CWE-20: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Sources: nvd
CVE-2025-61614 | HIGH | CVSS 7.5 | 13.0, 14.0 +2 more | 2026-03-09
CWE-20: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Sources: nvd
CVE-2025-61613 | HIGH | CVSS 7.5 | 13.0, 14.0 +2 more | 2026-03-09
CWE-20: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Sources: nvd
CVE-2025-61616 | HIGH | CVSS 7.5 | 13.0, 14.0 +2 more | 2026-03-09
CWE-20: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Sources: nvd
CVE-2025-69279 | HIGH | CVSS 7.5 | 13.0, 14.0 +2 more | 2026-03-09
CWE-20: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Sources: nvd
CVE-2025-69278 | HIGH | CVSS 7.5 | 13.0, 14.0 +2 more | 2026-03-09
CWE-20: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Sources: nvd
CVE-2025-61612 | HIGH | CVSS 7.5 | 13.0, 14.0 +2 more | 2026-03-09
CWE-20: In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Sources: nvd
CVE-2026-0006 | CRITICAL | CVSS 9.8 | 16.0, 16 | 2026-03-02
CWE-122: In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48609 | CRITICAL | CVSS 9.1 | 14.0, 15.0 +4 more | 2026-03-02
CWE-400: In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0047 | HIGH | CVSS 8.4 | 16.0, 16-qpr2 | 2026-03-02
CWE-280: In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48653 | HIGH | CVSS 7.8 | 14.0, 15.0 +5 more | 2026-03-02
CWE-693: In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0037 | HIGH | CVSS 8.4 | Android kernel | 2026-03-02
CWE-787: In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0030 | HIGH | CVSS 8.4 | Android kernel | 2026-03-02
CWE-787: In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0028 | HIGH | CVSS 8.4 | Android kernel | 2026-03-02
CWE-190: In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0023 | HIGH | CVSS 7.8 | 14.0, 15.0 +5 more | 2026-03-02
CWE-269: In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0025 | HIGH | CVSS 8.4 | 14.0, 15.0 +5 more | 2026-03-02
CWE-200: In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48574 | HIGH | CVSS 8.4 | 14.0, 15.0 +4 more | 2026-03-02
CWE-862: In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48650 | HIGH | CVSS 8.4 | 14.0, 15.0 +4 more | 2026-03-02
CWE-89: In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd