Google Android vulnerabilities

7,234 known vulnerabilities affecting google/android.

Total CVEs

7,234

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL544HIGH2984MEDIUM3458LOW248

Vulnerabilities

Page 24 of 362

CVE-2025-20661MEDIUMCVSS 6.7v12.0v14.02025-04-07

CVE-2025-20661 [MEDIUM] CWE-125 CVE-2025-20661: In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could le In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185.

nvd

CVE-2025-20656MEDIUMCVSS 6.8v12.0v13.0+2 more2025-04-07

CVE-2025-20656 [MEDIUM] CWE-787 CVE-2025-20656: In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.

nvd

CVE-2025-20662MEDIUMCVSS 6.7v12.0v14.02025-04-07

CVE-2025-20662 [MEDIUM] CWE-125 CVE-2025-20662: In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could le In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184.

nvd

CVE-2025-20658MEDIUMCVSS 6.0v12.0v13.0+2 more2025-04-07

CVE-2025-20658 [MEDIUM] CWE-787 CVE-2025-20658: In DA, there is a possible permission bypass due to a logic error. This could lead to local escalati In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.

nvd

CVE-2025-20660MEDIUMCVSS 6.7v12.0v14.02025-04-07

CVE-2025-20660 [MEDIUM] CWE-125 CVE-2025-20660: In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could le In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.

nvd

CVE-2024-56192HIGHCVSS 7.8vunknown2025-03-10

CVE-2024-56192 [HIGH] CWE-281 CVE-2024-56192: In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing b In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2024-56191HIGHCVSS 8.4vunknown2025-03-10

CVE-2024-56191 [HIGH] CWE-281 CVE-2024-56191: In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. T In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2024-56184MEDIUMCVSS 5.1vAndroid kernel2025-03-10

CVE-2024-56184 [MEDIUM] CWE-125 CVE-2024-56184: In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect b In static long dev_send of tipc_dev_ql, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2024-56186MEDIUMCVSS 5.1vAndroid kernel2025-03-10

CVE-2024-56186 [MEDIUM] CWE-125 CVE-2024-56186: In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2024-56185MEDIUMCVSS 5.1vAndroid kernel2025-03-10

CVE-2024-56185 [MEDIUM] CWE-125 CVE-2024-56185: In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-o In ProtocolUnsolOnSSAdapter::GetServiceClass() of protocolcalladapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

cvelistv5nvd

CVE-2024-56187MEDIUMCVSS 6.6vAndroid kernel2025-03-10

CVE-2024-56187 [MEDIUM] CWE-125 CVE-2024-56187: In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to In ppcfw_deny_sec_dram_access of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2024-56188MEDIUMCVSS 5.1vAndroid kernel2025-03-10

CVE-2024-56188 [MEDIUM] CWE-476 CVE-2024-56188: there is a possible way to crash the modem due to a missing null check. This could lead to remote de there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2025-20645HIGHCVSS 7.8v14.0v15.02025-03-03

CVE-2025-20645 [HIGH] CWE-787 CVE-2025-20645: In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lea In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599.

nvd

CVE-2025-20648MEDIUMCVSS 5.5v13.0v14.0+1 more2025-03-03

CVE-2025-20648 [MEDIUM] CWE-125 CVE-2025-20648: In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to loc In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID: MSV-2584.

nvd

CVE-2025-20650MEDIUMCVSS 6.8v13.0v14.0+1 more2025-03-03

CVE-2025-20650 [MEDIUM] CWE-787 CVE-2025-20650: In da, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.

nvd

CVE-2025-20652MEDIUMCVSS 4.6v13.0v14.0+1 more2025-03-03

CVE-2025-20652 [MEDIUM] CWE-125 CVE-2025-20652: In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to l In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.

nvd

CVE-2025-20653MEDIUMCVSS 6.5v13.0v14.0+1 more2025-03-03

CVE-2025-20653 [MEDIUM] CWE-190 CVE-2025-20653: In da, there is a possible out of bounds read due to an integer overflow. This could lead to local i In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.

nvd

CVE-2025-20651MEDIUMCVSS 4.1v13.0v14.0+1 more2025-03-03

CVE-2025-20651 [MEDIUM] CWE-125 CVE-2025-20651: In da, there is a possible out of bounds read due to a missing bounds check. This could lead to loca In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.

nvd

CVE-2024-39441HIGHCVSS 8.4v13.0v14.0+1 more2025-02-26

CVE-2024-39441 [HIGH] CWE-200 CVE-2024-39441: In wifi display, there is a possible missing permission check. This could lead to local escalation o In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

nvd

CVE-2025-20640MEDIUMCVSS 4.3v12.0v13.0+2 more2025-02-03

CVE-2025-20640 [MEDIUM] CWE-125 CVE-2025-20640: In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to loca In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.

nvd

← Previous24 / 362Next →