Google Android vulnerabilities

CVE-2025-20642 [MEDIUM] CWE-787 CVE-2025-20642: In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.

CVE-2024-20141 [MEDIUM] CWE-123 CVE-2024-20141: In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.

CVE-2025-20639 [MEDIUM] CWE-787 CVE-2025-20639: In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.

CVE-2025-20638 [MEDIUM] CWE-457 CVE-2025-20638: In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lea In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.

CVE-2024-20142 [MEDIUM] CWE-787 CVE-2024-20142: In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.

CVE-2025-20641 [MEDIUM] CWE-787 CVE-2025-20641: In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to loc In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.

CVE-2025-20635 [MEDIUM] CWE-787 CVE-2025-20635: In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.

CVE-2024-20147 [MEDIUM] CWE-617 CVE-2024-20147: In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This co In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chip

CVE-2025-20636 [MEDIUM] CWE-787 CVE-2025-20636: In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.

CVE-2025-20643 [LOW] CWE-1295 CVE-2025-20643: In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to loca In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.

CVE-2024-34733 [HIGH] CWE-190 CVE-2024-34733: In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40677 [HIGH] CWE-862 CVE-2024-40677: In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass facto In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40669 [HIGH] CWE-416 CVE-2024-40669: In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2018-9373 [HIGH] CWE-787 CVE-2018-9373: In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a miss In TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40675 [HIGH] CWE-835 CVE-2024-40675: In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validati In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40672 [HIGH] CWE-281 CVE-2024-40672: In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40676 [HIGH] CWE-843 CVE-2024-40676: In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security c In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40651 [HIGH] CWE-416 CVE-2024-40651: In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34748 [HIGH] CWE-416 CVE-2024-34748: In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to i In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-34732 [HIGH] CWE-362 CVE-2024-34732: In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race con In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.