Google Android vulnerabilities

CVE-2025-21024 [MEDIUM] CVE-2025-21024: Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local at Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.

CVE-2025-20696 [MEDIUM] CWE-787 CVE-2025-20696: In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.

CVE-2025-20698 [MEDIUM] CWE-787 CVE-2025-20698: In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.

CVE-2025-20697 [MEDIUM] CWE-787 CVE-2025-20697: In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.

CVE-2025-20695 [MEDIUM] CWE-124 CVE-2025-20695: In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to r In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

CVE-2025-20693 [MEDIUM] CWE-125 CVE-2025-20693: In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This co In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

CVE-2025-20694 [MEDIUM] CWE-124 CVE-2025-20694: In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to r In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

CVE-2025-31710 [HIGH] CWE-77 CVE-2025-31710: In engineermode service, there is a possible command injection due to improper input validation. Thi In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2025-31712 [MEDIUM] CWE-120 CVE-2025-31712: In cplog service, there is a possible out of bounds write due to a missing bounds check. This could In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

CVE-2025-31711 [MEDIUM] CWE-476 CVE-2025-31711: In cplog service, there is a possible system crash due to null pointer dereference. This could lead In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

CVE-2025-27700 [HIGH] CWE-693 CVE-2025-27700: There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-27701 [MEDIUM] CWE-476 CVE-2025-27701: In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.

CVE-2024-56193 [MEDIUM] CWE-200 CVE-2024-56193: There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-20979 [HIGH] CWE-787 CVE-2025-20979: Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary co Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.

CVE-2025-20980 [MEDIUM] CWE-787 CVE-2025-20980: Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corrupt Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.

CVE-2025-20668 [HIGH] CWE-787 CVE-2025-20668: In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027.

CVE-2025-20671 [HIGH] CWE-787 CVE-2025-20671: In thermal, there is a possible out of bounds write due to a race condition. This could lead to loca In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.

CVE-2025-20665 [MEDIUM] CWE-538 CVE-2025-20665: In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could l In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

CVE-2025-20655 [MEDIUM] CWE-125 CVE-2025-20655: In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.

CVE-2025-20657 [MEDIUM] CWE-787 CVE-2025-20657: In vdec, there is a possible permission bypass due to improper input validation. This could lead to In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.